9 New Microsoft Bugs to Patch Now
78 new CVEs patched in this months batch — nearly half of which are remotely executable and three of which attackers already are exploiting.
Configuration Issues in SaltStack IT Tool Put Enterprises at Risk
Researchers flag common misconfiguration errors and a template injection technique that could let an attacker take over the IT management network and connected systems.
Why SecDataOps Is the Future of Your Security Program
The goal: Ensure that data is always finely curated and accessible, and that security decisions get made with high-fidelity data.
Embattled VMware ESXi Hypervisor Flaw Exploitable in Myriad Ways
Its not just Internet-accessible hosts that are vulnerable, researchers say.
Healthcare in the Crosshairs of North Korean Cyber Operations
CISA, FBI, and South Korean intelligence agencies warn that the North Korean government is sponsoring ransomware attacks to fund its cyber-espionage activities.
Reddit Hack Shows Limits of MFA Strengths of Security Training
A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security.
Trickbot Members Sanctioned for PandemicEra Ransomware Hits
The US Treasury Department linked the notorious cybercrime gang to Russian Intelligence Services because cyberattacks that disrupted hospitals and other critical infrastructure align with Russian state interests.
MagicWeb Mystery Highlights Nobelium Attackers Sophistication
The authentication bypass used by the Nobelium group, best known for the supply chain attack on SolarWinds, required a massive, real-time investigation to uncover, Microsoft says.
Attacker Allure A Look at the Super Bowls Operational CyberRisks
Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.
NewsPenguin Goes Phishing for Maritime Military Secrets
A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year.