In the Fight Against Cybercrime, Takedowns Are Only Temporary
In November, 10 months after an international task force shut down Emotet's servers and infrastructure, the botnet came back online.
The new Emotet, which spread malware in a spurt of...
A Year in Microsoft Bugs: The Most Critical, Overlooked & Hard to Patch
In a year bookended by the late-2020 SolarWinds supply chain attack and the widespread Log4j vulnerability, security teams have consistently juggled and prioritized an ongoing wave of threats. And...
CISA’s New Log4j Scanner Aims to Find Vulnerable Apps
The Cybersecurity and Infrastructure Security Agency (CISA) has released an open source scanner that businesses can use to find Web services vulnerable to Log4j remote code execution vulnerabilities CVE-2021-44228...
Nearly 50% of People Will Abandon Sites Prohibiting Password Reuse
Nearly half (48%) of users say it's "very likely" they would abandon a website when told a new password cannot be the same as their old password, according to research...
Microsoft Customer Source Code Exposed via Azure App Service Bug
Researchers discovered a security flaw in Azure App Service that exposed the source code of customer applications written in PHP, Python, Ruby, or Node that were deployed using "Local...
93% of Tested Networks Vulnerable to Breach, Pen Testers Find
The vast majority of businesses can be compromised within a month by a motivated attacker using common techniques, such as compromising credentials, exploiting known vulnerabilities in software and Web...
Meta Files Federal Lawsuit Against Phishing Operators
In an unusual move, Facebook's parent company, Meta, has filed a federal lawsuit against the unknown operators of some 39,000 phishing websites that impersonated the login pages of Facebook,...
UK Security Agency Shares 225M Passwords With ‘Have I Been Pwned’
The UK's National Crime Agency (NCA) and National Cyber Crime Unit (NCCU) have contributed 225 million new compromised emails and associated passwords to Have I Been Pwned (HIBP), a...
New Log4j Attack Vector Discovered
Organizations working to reduce exposure to attacks targeting the Log4j remote code execution (RCE) vulnerability disclosed Dec. 9 have a couple of new considerations to keep in mind. Security...