The United States Federal Bureau of Investigation issued a flash warning Thursday over the exploitation of Fortinet vulnerabilities by advanced persistent threat (APT) groups.  According to the FBI, an APT actor group has been exploiting a FortiGate…

The cybercriminal group behind the notorious SolarWinds attack is at it again with a sophisticated mass email campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious activities.…

Researchers at Trend Micro conducted a new study where they polled 2300 cybersecurity decision-makers that run Security Operations Centers (SOCs) or SecOps from within their iT security function.  The researchers found that nearly three-quarters of…

Visit the Hints page to solve the Puzzle in the May 2021 edition of Science News magazine. You can solve the puzzle using paper and pencil. (You do not need to write code!) If you're successful, you will have the words that answer the…

Canada's primary postal operator, Canada Post, confirmed Wednesday that it had suffered a data breach.  The security incident occurred following a cyberattack on one of the Crown corporation's suppliers, Commport Communications, which provides…

In a new study, researchers at Imperva found that the volume of compromised records globally has increased on average by 224% each year since 2017.  There were more records reported as compromised in January 2021 alone (878 million) than for the…

Columbia Engineering researchers have developed SeKVM, the first formally verified system that guarantees the security of virtual machines in the cloud. Formal verification is a process that proves the mathematical correctness of software, correct…

An interdisciplinary team of researchers from the Researchers from Imperial and Imperial College London (ICL), Technical University Munich (TUM)), and the non-profit organization OpenMined developed new technology to protect personal patient data while…

Apple has patched a vulnerability, discovered by Jamf researchers, that malware actors have been exploiting to circumvent the Transparency Consent and Control (TCC) framework. The evasion of this framework allows the actors to take screenshots of an…

SoS Musings #49 - 911: We Have a Cybersecurity Emergency  

Cyber Scene #56 - Part Deux: Cyber Climate Change with Chinese Characteristics  

Bose has told regulators that a sophisticated ransomware attack back in March led to unauthorized access of personal information on current and former employees.  The company first detected the ransomware back on March 7, 2021. However, nearly two…