Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities...

CVEMap is an open-source command-line interface tool that allows you to explore Common Vulnerabilities and Exposures. Security experts, who must be constantly alert to thwart adversaries seeking any vulnerability, are distracted by the sheer volume of CVEs.

As organizations handle increasing amounts of data daily, AI offers advanced capabilities that would be harder to achieve with traditional methods. In this Help Net Security video, Tyler Young, CISO at BigID, explores AI's challenges, triumphs, and future in cybersecurity.

"As the risk of vendor payment fraud grows, so does the need to automate bank account validations and embed them into your daily processes. It's essential for winning the fight against fraud and ensuring payments are sent to the correct parties." 75% of C-level finance and treasury leaders say they'd stop doing business with an organization that fell victim to payment fraud and lost their payment.

Asset Visibility helps customers become more proactive within their security program, helping them uncover assets that need protection, validate that the expected endpoint security controls are in place and working, and identify areas of risk exposure due to gaps in security coverage. Dasera expands data security posture management capabilities to Microsoft 365.

Chinese attackers are preparing to "Wreak havoc" on American infrastructure and "Cause societal chaos" in the US, infosec, and law enforcement bosses told a US House committee on Wednesday. The hearing coincided with the FBI's confirmation that it obtained search warrants and issued a remote kill command to wipe Volt Typhoon's botnet after the Chinese crew infected hundreds of end-of-life routers and attempted to break into American critical infrastructure targets.

A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. The attackers hide these payloads in plain sight, placing them in forum user profiles on tech news sites or video descriptions on media hosting platforms.

Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks. The...

The police in Saxony, eastern Germany, have seized 50,000 Bitcoin from the former operator of the pirate site movie2k. As the police announced, one of the two suspects voluntarily transferred Bitcoin to the Federal Criminal Police Office.

Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. Cyber threat hunting is a proactive security strategy that seeks to identify and eliminate cybersecurity threats on the network before they cause any obvious signs of a breach.