Security Bloggers Network

Google is rolling out a red team charged with testing the security of AI systems by running simulated but realistic attacks to uncover vulnerabilities or other weaknesses that could be exploited by cybercriminals ...

Storm-0558 Breaks: Satya and Pooh, sitting in a tree, K.I.S.S.I.N.G ...

Security flaws in connected devices and the IoT are plaguing the digital landscape, impacting a broad range of industries ...

Earlier this month, Rambler Gallo pled not guilty to charges that he attempted to sabotage the water treatment facility in Discovery Bay, California. The facility provides treatment for the water and wastewater systems for the town’s 15,000 residents. An unsealed federal court indictment showed Gallo logged into the Supervisory Control and Data Acquisition (SCADA) network ...

The Lazarus Group is behind a social engineering campaign that uses repository invitations and malicious npm packages to target developers on GitHub ...

Dell Technologies added orchestration capabilities to its data protection software that makes it simpler for IT teams to schedule backup ...

Two banks earlier this year were the targets of open source supply chain attacks, the first of their kind in the industry ...

Kevin is Free: Hackers’ hacker dies, aged 59 ...

As cleantech becomes a bigger part of U.S. critical infrastructure, it faces a bigger risk from cyberattackers leveraging quantum attacks ...

Miscreants have ramped up their use of QR codes to phish for credentials, according to INKY threat researchers ...

Legislation that would ban law enforcement and federal agencies from buying consumer data from data brokers without a warrant is on its way to the full House ...

A new peer-to-peer (P2P) worm, P2PInfect, is spreading across instances of the Redis open source database software in the cloud ...

While technology still plays a vital role in job success, it's just as essential for a CISO to foster a strong security culture ...

Generative AI can be used to amplify cybercriminals' nefarious deeds against web applications, especially those that rely heavily on APIs ...

A threat actor that goes by the name of “La_Citrix” inadvertently infected his own computer. Cyberthreat research firm sent his information on to law enforcement ...

Distributed DDoS attacks are becoming increasingly sophisticated and complex, making an already-expanding threat landscape even more challenging ...

European cousins Intellexa and Cytrox essentially banned by Commerce Dept. — Predator/ALIEN not welcome in U.S ...

PingSafe today emerged from stealth to launch a cloud-native application protection platform (CNAPP) based on an engine that both detects vulnerabilities that cybercriminals might potentially exploit and enables cybersecurity teams to simulate cyberattacks. Fresh from raising $3.3 million in seed funding, PingSafe CEO Anand Prakash said the Offensive Security Engine provides cybersecurity teams with the ...

PCI-DSS 4.0 was released in early 2022 with a two-year transition period to allow organizations time to learn about and implement it. Are you ready for the transition? ...

Current LLM-based tech like ChatGPT can accurately classify malware risk in only 5% of cases—and they may never be able to recognize novel approaches used to create malware ...

Russia’s war strategy increasingly involves cybersecurity, with the country expected to ramp up attacks on critical infrastructure in Ukraine and countries that are members of NATO, according to Switzerland’s Federal Intelligence Service (FIS). “The war in Ukraine represents a threat with partially global implications for critical infrastructure. Critical infrastructure outside the war zone could also ...

The U.S. government is giving federal agencies three weeks to mitigate a zero-day Microsoft Windows and Office security flaw exploited by the Russian-linked RomCom threat group ...

The Biden administration unveiled a cybersecurity certification and labeling program that will make it easier for enterprises and consumers to see which smart devices are more secure and less vulnerable to attacks ...

VIPRE's Email Threat Trends Report for Q1 2023 analyzed 1.8 billion emails to provide a comprehensive understanding of contemporary email threats ...

The advent of AI made identity the most-targeted part of the attack surface. But without AI, identity is a sitting duck ...

Microsoft is getting ready to muscle its way into the burgeoning security service edge (SSE) space, but it may have some catching up to do ...

Red Menshen is an APT group that is rapidly evolving its BPFDoor backdoor malware that targets systems running Linux or Solaris ...

MX Mixup: Russian-allied government can intercept “highly sensitive information”—because there’s no “I” in .ML ...

AI-enabled zero-trust solutions can help address the rising threat of mobile malware ...

There is no workaround or patch for a high-severity vulnerability—and none will be forthcoming—in Cisco’s Nexus 9000 series switches ...

Conducting regular penetration tests (pentests) is a proactive option that identifies, evaluates and mitigates risks ...

Identity-based attacks are a growing concern for organizations of all sizes and industries. Here’s how to protect yourself ...

A SlashNext report detailed how cybercriminals use generative AI capabilities to launch phishing and BEC attacks in greater volume ...

After a ransomware attack shuttered operations at container terminals at the Port of Nagoya in Japan, the Lockbit 3.0 ransomware gang claimed responsibility and demanded the port pay up. The attack on the port, which is responsible for 10% of the country’s cargo trade and is used by companies like Toyota Motor Corporation, was attacked ...

Microsoft revealed its Azure Active Directory (Azure AD) enterprise identity service will be rebranded Entra ID, a change that will occur by the end of the year ...

Storm-0558 Brewing: Multiple Microsoft failures cause data leaks at State and Commerce depts., plus 23 other orgs ...

Safe Security acquired RiskLens, a pioneer in the development of the Factor Analysis of Information Risk (FAIR) quantification standard for assessing cybersecurity risk ...

Here's how credentialed insider attacks work and how to avoid situations where user negligence can lead to successful attacks ...

Current and former contractors and employees at Pepsi Bottling Ventures LLC (PBV) were victims of a security incident that exposed their personal information ...

NETSCOUT Systems is is dynamically applying machine learning algorithms to combat distributed denial-of-service (DDoS) attacks ...

Here's how CISOs can look at cybersecurity through a capital efficiency lens without unacceptably growing risk—to the organization and their own jobs ...

A SpyCloud report found more than half of respondents are extremely concerned about their ability to thwart attacks that exfiltrate authentication data ...

Complexity is the enemy of security. Akamai’s Steve Winterfeld explains what to do to combat complexity in cybersecurity ...

AI is a crucial ally in proactively identifying and addressing hybrid cloud threats, streamlining compliance processes and establishing robust governance frameworks ...

The White House cybersecurity budget priorities include strengthening the software supply chain, protecting critical infrastructure and defense against ransomware ...

Advanced endpoint protection, often referred to as AEP, is a comprehensive cybersecurity solution designed to protect an organization’s endpoints, such as desktops, laptops and mobile devices, from various types of cybersecurity threats. This includes malware, ransomware protection, phishing attacks and more. AEP goes beyond traditional antivirus software by using artificial intelligence (AI), machine learning and ...

One of the more difficult tasks for a cybersecurity professional—from the CISO to the person responsible for log management in the SOC—is to convey the importance of security, compliance and governance to those within the company who aren’t cybersecurity professionals. The biggest problem comes at the board level, according to David Ellis, SecureIQLab’s VP of ...

PV OT: VPN PDQ! 9.8 CVSS known since May 2022—but still exploitable on 400+ net-connected OT/ICS/SCADA systems ...

There's a growing likelihood for catastrophic cyberattacks on vehicles that could disable brakes, take over steering and even steal personal information ...

To get ahead of the adversaries in this new AI age, cybersecurity research into new generative AI attacks and defenses must be further along ...