The LockBit 3.0 ransomware operation has recently launched, and the gang is starting a bug bounty program offering up to $1 million for vulnerabilities and various other types of information.  LockBit has been around since 2019. The LockBit 2.0…

Abnormal Security discovered that in January 2022, the number of business email compromise (BEC) attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional…

High-severity cybersecurity flaws discovered in OFFIS DCMTK software could lead to Remote Code Execution (RCE) if exploited, according to a recent advisory released by the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency…

An attack campaign targeting unpatched Microsoft Exchange Servers as an initial access vector to launch the ShadowPad malware is targeting entities in Afghanistan, Malaysia, and Pakistan. This activity has been attributed to a previously unknown Chinese-…

A new Android banking malware called Revive impersonates the two-factor authentication (2FA) application required to access BBVA bank accounts in Spain. Rather than infecting customers of various financial institutions, this Trojan has a more focused…

Because of the lack of a Common Vulnerability Enumeration (CVE) program, such as the one maintained by MITRE for publicly disclosed software security issues, organizations have traditionally struggled to track vulnerabilities in public cloud platforms…

Cybersecurity advancements made by the Georgia Tech Research Institute (GTRI) in collaboration with the US Navy could soon help strengthen protection for the Automated Identification System (AIS), which is used to track and identify commercial and…

The National Institute of Standards and Technology (NIST) has published the final version of Special Publication (SP) 800-219, called "Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)." This document delves into…

On Monday, a cyberattack temporarily knocked out public and private websites in Lithuania, with a pro-Moscow hacker group reportedly claiming responsibility.   A distributed-denial-of-service (DDOS) attack targeted a secure national data network.…

The US House of Representatives has recently passed a new cybersecurity bill named the “Industrial Control Systems Cybersecurity Training Act. Specifically, the Industrial Control Systems Cybersecurity Training Act would amend the Homeland Security Act…

Dr. Mythili Menon, assistant professor of English and linguistics and director of linguistics at Wichita State University (WSU), was recently awarded $296,470 as part of the National Science Foundation's Early-concept Grants for Exploratory Research (…

The UK government is urging the cybersecurity industry to submit feedback on new proposals to place new security requirements on app store operators and developers.  The consultation period for the plans ends at 11.45 pm BST on Wednesday, June 29,…