Turn the Tables: Supply Chain Defense Needs Some Offense, Fortinet Says
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-20011 PUBLISHED: 2021-05-25 libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection....
Businesses Boost Security Budgets. Where Will the Money Go?
Most organizations plan to spend more on security, leaders say in a report that explores their toughest challenges, post-breach costs, and spending priorities. Businesses plan to invest more money in...
Your Network’s Smallest Cracks Are Now Its Biggest Threats
Bad actors have flipped the script by concentrating more on low-risk threats. Here's how to address the threat and the tactics. Before I joined Skybox in 2011, I specialized in...
Russian Sentenced to 30 Months for Running Criminal Website
FBI says sales from illicit online shop deer.io exceeded $17 million. A Russian citizen has been sentenced to 30 months in custody in the United States for allegedly running an online criminal...
MacOS Zero-Day Let Attackers Bypass Privacy Preferences
Apple has released security patches for vulnerabilities in macOS and tvOS that reports indicate have been exploited in the wild. Apple today released patches for zero-day flaws in macOS and...
Russia Profiting from Massive Hydra Cybercrime Marketplace
An analysis of Bitcoin transactions from the Hydra marketplace shows that the operators are locking sellers into Russian exchanges, likely fueling profits for local actors. Sales on a Russian-language Dark...
Rise in Opportunistic Hacks and Info-Sharing Imperil Industrial Networks
Security researchers at Mandiant have seen an increasing wave of relatively simplistic attacks involving ICS systems - and attackers sharing their finds with one another - since 2020. The brazen hijack...
Cloud Compromise Costs Organizations $6.2M Per Year
Organizations reported an average of 19 cloud-based compromises in the past year, but most don't evaluate the security of SaaS apps before deployment. Cloud compromise is expensive, and its costs...
As Threat Hunting Matures, Malware Labs Emerge
By leveraging their analysis outputs, security pros can update detection rules engines and establish a stronger security posture in the process. While the practice of threat hunting is continuing to...
Sophos Research Uncovers Widespread Use of TLS By Cybercriminals
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30108 PUBLISHED: 2021-05-24 Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url,...






