Targeted Attack Activity Heightens Need for Orgs. to Patch New SolarWinds Flaw A China-based threat actor -- previously observed targeting US defense industrial base organizations and software companies -- is exploiting the bug in SolarWinds' Serv-U software, Microsoft says.
Microsoft Patches 3 Windows Zero-Days Amid 117 CVEs The July Patch Tuesday release also includes the out-of-band fix for the Windows Print Spooler remote code execution flaw under attack.
Kaseya Releases Security Patch as Companies Continue to Recover Estimates indicate the number of affected companies could grow, while Kaseya faces renewed scrutiny as former employees reportedly criticize its lack of focus on security.
New Framework Aims to Describe & Address Complex Social Engineering Attacks As attackers use more synthetic media in social engineering campaigns, a new framework is built to describe threats and provide countermeasures.
The NSA's 'New' Mission: Get More Public With the Private Sector The National Security Agency's gradual emergence from the shadows was "inevitable" in cybersecurity, says Vinnie Liu, co-founder and CEO of offensive security firm Bishop Fox and a former NSA analyst. Now the agency has to figure out how to best work with the private sector, especially organizations outside the well-resourced and seasoned Fortune 100.
New Phishing Campaign Targets Individuals of Interest to Iran TA453 group spoofed two scholars at University of London to try and gain access to email inboxes belonging to journalists, think tank personnel, academics, and others, security vendor says.
SolarWinds Discloses Zero-Day Under Active Attack The company confirms this is a new vulnerability that is not related to the supply chain attack discovered in December 2020.
AI and Cybersecurity: Making Sense of the Confusion Artificial intelligence is a maturing area in cybersecurity, but there are different concerns depending on whether you're a defender or an attacker.
Did the Cybersecurity Workforce Gap Distract Us From the Leak? Cyber games can play a critical role in re-engaging our workforce and addressing the employee retention crisis.
4 Integrated Circuit Security Threats and How to Protect Against Them Little-understood threats involving the IC supply chain are putting organizations around the world at risk.
The Trouble With Automated Cybersecurity Defenses While there's enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword.
CISA Analysis Reveals Successful Attack Techniques of FY 2020 The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA's Risk and Vulnerability Assessments.
How Dangerous Is Malware? New Report Finds It's Tough to Tell Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.
Morgan Stanley Discloses Data Breach Attackers were able to compromise customers' personal data by targeting the Accellion FTA server of a third-party vendor.
