Cybersecurity’s Hiring Spree Requires a Recruiting Rethink
Widely reported shortages of trained cybersecurity professionals are driving the industry to try to come up with some creative recruiting and training solutions. But it's complicated. At the very same time,...
Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text
Researchers are closely tracking a critical, newly disclosed vulnerability in Apache Commons Text that gives unauthenticated attackers a way to execute code remotely on servers running applications with the...
Disinformation Attacks Threaten US Midterm Elections
While traditional cyberattack operations against US government organizations have remained fairly consistent, influence and disinformation attacks by foreign nations have increased in the run-up to the US midterm elections.
On the...
Tactics Tie Ransom Cartel Group to Defunct REvil Ransomware
Although the REvil ransomware-as-a-service operation appeared to evaporate last October, analysts have found the group's influence is still considerable. Notably, threat researchers from Unit 42 reported finding connections between REvil activities...
Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows
Concerns over a critical authentication bypass vulnerability in certain Fortinet appliances heightened this week with the release of proof-of-concept (PoC) exploit code and at least one vulnerability scanner for...
Feature-Rich ‘Alchimist’ Cyberattack Framework Targets Windows, Mac, Linux Environments
Researchers have uncovered a potentially dangerous cyberattack framework targeting Windows, Linux, and Mac systems that they assess is likely already being used in the wild. The framework consists of a...
Novel npm Timing Attack Allows Corporate Targeting
A novel timing attack has emerged for targeting private corporate software packages hosted in the npm code repository. The idea is to uncover the legitimate offerings and then create...
Newly Introduced HackerOne Assets Goes Beyond Attack Surface Management To Close Security Gaps
SAN FRANCISCO, October 13, 2022: HackerOne, the leader in Attack Resistance Management, today announced the general availability of its HackerOne Assets product. Assets combines the core capabilities of Attack...
Cyberattackers Spoof Google Translate in Unique Phishing Tactic
Attackers are spoofing Google Translate in an ongoing phishing campaign that uses a common JavaScript coding technique to bypass email security scanners. Leveraging trust in Google Translate is a...
Nudge Security Launches Platform With Humans in Mind
After months of speculation and input from security, compliance, and IT operations professionals, Nudge Security has launched its new software-as-a-service (SaaS) platform with the promise of making the increasingly...