Researchers warn of a new critical vulnerability in Apache OFBiz, an open-source enterprise resource planning (ERP) system and framework. The flaw potentially allows for remote code execution (RCE) without authentication…
Researchers from the Graz University of Technology have discovered a way to convert a limited heap vulnerability in the Linux kernel into a malicious memory writes capability to demonstrate novel…
A US technology contractor has exposed the data of 4.6 million voters and election documents from multiple counties in Illinois, raising serious concerns about election security and voter privacy. The…
With use of multi-factor authentication rising, end-users can find themselves fiddling with codes and authentication apps frequently throughout their days. For those who rely on Microsoft Authenticator, the experience can…
As organizations increasingly seek to support and secure more remote network connections, many are rethinking the traditional VPN. Many VPN alternatives exist to help secure remote access — mesh VPNs…
Cybercriminals regularly abuse free services to host malware or to set up command-and-control (C2) infrastructure because they know connections to such services won’t raise suspicion inside networks. Such is the…
Enterprise cybersecurity protections are failing to keep pace with the evolving threat landscape, which now includes everything from the weaponization of AI to state-sponsored hacking groups to the metastasizing of…
In what is being lauded as a historic feat, the Biden administration, on Thursday, concluded a prisoner swap with the Kremlin, as part of an exchange deal that involved five…
Nowadays all major operating systems and software programs receive automatic security updates that help users secure their systems against the barrage of vulnerabilities discovered every month. But this is still…
The vast global Domain Name System (DNS) is so fundamental to the way the web works that service providers and their customers are sure to configure and manage it carefully.…
Everyone knows now how a flawed update crashed 8.5 million computers running the Windows version of CrowdStrike’s Falcon cybersecurity software — but what does the failure of one company’s software…
Reports that a Fortune 50 company paid a $75 million ransom to the Dark Angels ransomware group back in March is raising questions about whether CISOs should revisit their ransomware…
C-Edge Technologies — a State Bank of India (SBI) and Tata Consultancy Services (TCS) joint venture — has suffered a ransomware attack, disrupting payment systems in nearly 300 small banks…
Rules implemented in 2023 by the US Securities and Exchange Commission (SEC) regarding risk management, strategy, governance, and incident disclosure have raised important considerations for security leaders of public companies…
The adoption of passkeys, a passwordless technology for authenticating user access to cloud-hosted applications, is continuing its upward trend, findings released this week from password manager maker Dashlane reveal. While…