News

The workforce and skills gap in cybersecurity continues to plague organizations.

A proof-of-concept hack allows adversaries to tweak old exploits, have code jump containers and attack underlying infrastructure.

As many ponder the big ethical questions around cyber, some are proposing public interest technologist as a solution.

Student researchers working with IBM X-Force Red team find security holes in five leading visitor management systems.

Did we say break? We meant test its 'survivability'

Who, Me?  Hello, dear readers. We see you've come for your weekly dose of Who, Me? to shake off this serious case of the Mondays.…

New look at server data behind a previously-identified espionage campaign shows that it has exceeded researchers' expectations in complexity, scope and breadth.

What does the age of near-ubiquitous data breaches, deep fakes, and fallible biometric authentication mean for enterprise security?

PS: Update Adobe ColdFusion, Cisco WebEx Meetings, Nvidia drivers with security fixes

Roundup  Here's your weekend rapid-fire roundup of infosec news, ahead of next week's RSA Conference, beyond what we've already covered.…

Despite fried RAID and deleted hard drives, Federal News Agency calls US Cyber Command attack a failure

A Russian new service is claiming that US attacks on it and an organisation accused of state-sponsored trolling has left storage systems damaged and international servers wiped after multiple malware attacks.…

Adobe has hurried out a patch for a critical arbitrary code execution vulnerability in its ColdFusion product.

The Threatpost team talks about the biggest cybersecurity stories, trends and research we'll see at RSA this year.

RV110W, RV130W, RV215W need patching to close remote hijacking bug

Cisco has patched three of its RV-series routers after Pen Test Partners (PTP) found them using hoary old C function strcpy insecurely in login authentication function. The programming blunder can be exploited to potentially hijack the devices.…

Using an on-again, off-again strategy of C2 communication helps it hide from researchers.

But the proof of the pudding will be in the eating

RSA  As San Francisco gets ready for its annual RSA Gabfest Conference, organisers appear to have got the message over inclusivity following last year's fiasco, but they aren't out of the woods yet.…

Learn attackers’ ways to keep your systems safe

Webcast  Today's cyber-miscreants get smarter all the time, constantly learning from each other and finding new ways to hack into organisations' IT systems.…

All that glitters ain't gold, as they say

The founder of now-dead cryptocurrency My Big Coin has been arrested and charged with seven counts of fraud and unlawful money transfers for what is allegedly an extraordinarily blatant scam, even in the shady world of cyber-cash schemes.…

And 'ask a Redmond security bod' panic button for Windows Defender ATP customers

Microsoft has wheeled out two new enterprise security tools – Azure Sentinel, a cloud-based SIEM, and Microsoft Threat Experts, an infosec advice-as-a-service bundled with a panic button.…

We've said it once, we've said it a thousand times. Don't open weird attachments, kids

A new version of the decade-old banking credential-stealing Qbot malware is doing the rounds, according to infosec firm Varonis.…

The controversial cryptomining service is shutting down.

Cisco said that CVE-2019-1663, which has a CVSS score of 9.8, allows unauthenticated, remote attackers to execute arbitrary code.