News
  • "5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack"
    Researchers at Astra Security found a critical bug in the popular WordPress plugin Contact Form 7. The bug allows an unauthenticated adversary to take over a website running the plugin or hijack the entire server hosting the…
  • "K-12 Schools Need to Take Cyberattacks More Seriously"
    There has been a significant increase in cyberattacks against public schools in the United States since the beginning of the 2020-21 school year. Federal cybersecurity officials expect these attacks to continue growing in frequency and sophistication.…
  • "Hackers Use Mobile Emulators to Steal Millions"
    IBM Trusteer researchers report that hackers are using mobile emulators to spoof banking customers' mobile devices in order to steal millions of dollars from online banking accounts belonging to customers located in the U.S. and Europe. Mobile emulators…
  • "Migration Delays Prevent AD-Centric Zero Trust Security Framework Adoption"
    Researchers at One Identity conducted a new survey of 1,216 IT security professionals. They found that 37 percent of the participants rated rapid changes in their AD/AAD environment as the key impact of COVID-19 on their organization’s identity…
  • "Microsoft and FireEye Create a 'Killswitch' for SUNBURST Malware Affecting SolarWinds' Orion"
    Microsoft, FireEye, and GoDaddy have worked together to create a "killswitch" for SUNBURST, which is the malware distributed in the supply chain attack on SolarWinds' Orion IT management platform. This platform is used by several U.S. government agencies…
  • "3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons"
    Researchers at Avast Threat Intelligence have recently identified malware in popular add-ons for Facebook, Vimeo, Instagram, and others commonly used in browsers from Google and Microsoft. A total of 28 popular extensions for Google Chrome…
  • "GAO Highlights Supply Chain Practices Amid SolarWinds Hack"
    The Government Accountability Office (GAO) released a report revealing that most large agencies did not implement the National Institute of Standards and Technology's (NIST) Supply Chain Risk Management (SCRM) practices following closely after the…
  • "Knowing What the Enemy Knows Is Key to Proper Defense"
    Etay Maor, the Chief Security Officer (CSO) at the threat intelligence firm IntSights, gave a presentation at the Black Hat Europe 2020 virtual event in which they emphasized the importance of knowing what the enemy knows when defending an organization…
  • "Total Published CVEs Hits Record High for Fourth Year"
    Researchers at K2 cybersecurity have found that the past 12 months have seen a record number of CVEs published by the US authorities, making this the fourth year in a row in which the number of CVEs published has risen. Last year, 17,306 CVEs were published,…
  • "RAM-Generated Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems"
    Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev in Israel, recently published a paper detailing a new technique to exfiltrate data from an air-gapped system. Air gapping is a security measure in which a computer or network…
  • "Millions of Medical Imaging Files Freely Accessible on Unprotected Servers"
    Researchers at CybelAngel discovered that more than 45 million medical imaging files, including X-rays and CT scans, can be accessed on over 2,140 unprotected servers across the US, UK, Germany, and 64 other countries. These files include personally…
  • "New, Free Tool Adds Layer of Security for the Software Supply Chain"
    Researchers at the NYU Tandon School of Engineering developed an open-source tool called "in-toto" to bolster software supply chain security against cyberattacks. In-toto is a free and easy-to-use framework that cryptographically ensures the integrity of…