Vulnerability: Page 19
- Microsoft investigating 2 zero-day vulnerabilities in Exchange Server
One vulnerability is a server-side request forgery, while the second allows remote-code execution when an attacker has access to PowerShell.
By David Jones • Sept. 30, 2022
- Strict security rules could push open source community out of federal work, expert says
Agency CISOs and development experts say federal agencies need to work collaboratively with open source community contributors.
By David Jones • Sept. 27, 2022
- Organizations rapidly shift tactics to secure the software supply chain
Synopsys’ 13th annual BSIMM study shows rapid increases in automation and use of SBOMs among software producers and other organizations.
By David Jones • Sept. 22, 2022
- White House guidance on third-party software seen as a major test of cyber risk strategy
The U.S. hopes that by forcing software producers to meet a set of minimum security standards for federal use, a new baseline strategy will be adopted industrywide.
By David Jones • Sept. 19, 2022
- Researchers warn older D-Link routers are under threat from Mirai malware variant
Attackers are leveraging vulnerabilities in the devices to build botnets and launch DDoS attacks, according to Palo Alto Networks research.
By David Jones • Sept. 8, 2022
- CISA Director: Tech industry should infuse security at product design stage
Agency director Jen Easterly outlined a push for faster incident reporting and closer industry collaboration.
By David Jones • Sept. 7, 2022
- Feds push for developers to take lead in securing software supply chain
The guidelines from CISA and the NSA come amid a growing movement to “shift left” and evaluate software security earlier in the development cycle.
By David Jones • Sept. 2, 2022
- SaaS sprawl amps up security challenges amid heightened risk
Two-thirds of businesses say they're spending more on SaaS applications year over year, Axonius data shows.
By Roberto Torres • Sept. 1, 2022
- Growing cyber risks add to hospital cost squeeze, Fitch cautions
Cyber risk mitigation is becoming more expensive, but with hospitals' cost pressures mounting, spending on security may not be a priority, the ratings agency said.
By Susan Kelly • Aug. 31, 2022
- Slack enhances platform security amid rapid expansion and heightened risk
The enterprise messaging platform has faced increased customer concerns about security and privacy.
By David Jones • Aug. 31, 2022
- Google tackles open source security with vulnerability rewards program
The program follows a surge in supply chain attacks impacting the open source software ecosystem.
By David Jones • Aug. 30, 2022
- Researchers say Cisco firewall software remains vulnerable to attack despite patch
Rapid7 researchers also warn only a very small percentage of users have applied updates.
By David Jones • Aug. 26, 2022
- Threat actors again target critical SAP ICMAD vulnerabilities
CISA added the most critical SAP vulnerability to its Known Exploited Vulnerabilities Catalog last week.
By David Jones • Aug. 23, 2022
- Media companies at high risk of malicious cyberattack: Report
The media industry is highly dependent on third-party vendor relationships and is often slow to respond to vulnerabilities, BlueVoyant research found.
By David Jones • Aug. 22, 2022
- DigitalOcean, caught in Mailchimp security incident, drops email vendor
An attack on the email marketing firm raises questions about the continued risk of a supply chain compromise.
By David Jones • Aug. 17, 2022
- The same old problems nag cybersecurity professionals
Technical complexities abound as the perceived level of risk rises in an unrelenting fashion.
By Matt Kapko • Aug. 17, 2022
- How attackers are breaking into organizations
Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.
By Matt Kapko • Aug. 15, 2022
- Log4j was the right incident for inaugural review, safety board says
The Cyber Safety Review Board worked with 80 different global stakeholders to better understand the Log4j incident — and its downstream potential.
By David Jones • Aug. 11, 2022
- Businesses boost software supply chain security, but strategies remain fragmented
A study by the Enterprise Strategy Group shows more than one-third of organizations have been exploited by a known open source vulnerability.
By David Jones • Aug. 9, 2022
- Twitter vulnerability risk resurfaces, testing the security of pseudonymous users
A threat actor learned of the vulnerability, which allowed an account identity to be exposed by entering a simple email or phone number.
By David Jones • Aug. 8, 2022
- Slack resets passwords en masse after invite link vulnerability
The bug, which went undetected for five years, impacts at least 60,000 users but likely more.
By Matt Kapko • Aug. 5, 2022
- VMware discloses new authentication bypass vulnerability
The virtualization giant advised customers to immediately deploy patches and said it’s not aware of any exploitation in the wild.
By Matt Kapko • Aug. 2, 2022
- Most cyberattacks come from ransomware, email compromise
Attackers are scanning for vulnerabilities in unpatched systems within 15 minutes, stressing the pace and scale of the threat.
By Matt Kapko • Aug. 1, 2022
- Threat actors shifting tactics as Microsoft blocks, unblocks and reblocks macros
Proofpoint researchers say criminal hackers are turning to container files and Windows shortcuts to distribute malware.
By David Jones • July 29, 2022