Vulnerabilities
An ‘Alarming Escalation’ of Sophistication in DDoS Attacks, Cloudflare Says
Distributed DDoS attacks are becoming increasingly sophisticated and complex, making an already-expanding threat landscape even more challenging ...
Biden Admin. Adds ‘Mercenary Spyware’ Firms to Ban List
European cousins Intellexa and Cytrox essentially banned by Commerce Dept. — Predator/ALIEN not welcome in U.S ...
PCI-DSS 4.0 is Here. What Does it Mean for Online Retailers?
PCI-DSS 4.0 was released in early 2022 with a two-year transition period to allow organizations time to learn about and implement it. Are you ready for the transition? ...
ChatGPT Provides Limited Help Identifying Malware
Current LLM-based tech like ChatGPT can accurately classify malware risk in only 5% of cases—and they may never be able to recognize novel approaches used to create malware ...
CISA to Gov’t Agencies: Mitigate a Flaw in Windows and Office
The U.S. government is giving federal agencies three weeks to mitigate a zero-day Microsoft Windows and Office security flaw exploited by the Russian-linked RomCom threat group ...
The Two Faces of AI in Identity Management
The advent of AI made identity the most-targeted part of the attack surface. But without AI, identity is a sitting duck ...
APT Group Red Menshen is Rapidly Evolving its BPFDoor Malware
Red Menshen is an APT group that is rapidly evolving its BPFDoor backdoor malware that targets systems running Linux or Solaris ...
OPSEC FAIL: US Military Email Going to Mali — via Typo
MX Mixup: Russian-allied government can intercept “highly sensitive information”—because there’s no “I” in .ML ...
Cisco Nexus 9000 Users Must Disable Encryption to Dodge Vuln
There is no workaround or patch for a high-severity vulnerability—and none will be forthcoming—in Cisco’s Nexus 9000 series switches ...
Why Pentesting-as-a-Service is Vital for Business Security
Conducting regular penetration tests (pentests) is a proactive option that identifies, evaluates and mitigates risks ...