VMware patched three vulnerabilities in various products, including a virtual machine escape flaw exploited at the GeekPwn 2022 hacking competition and tracked as CVE-2022-31705. Yuhao Jiang, an Ant Security researcher, demonstrated a working exploit for…

According to the Department of Defense (DOD) CIO John Sherman, the Pentagon plans to implement a zero trust architecture across its entire enterprise by 2027. The goal is to have zero trust deployed across most of the DOD's enterprise systems. Sherman…

Fuzzware is a new system developed by researchers at Ruhr University Bochum's Horst Görtz Institute for Information Technology (IT) Security that specializes in analyzing embedded systems, which are minicomputers found in smart light bulbs, intelligent…

Bug bounty platform HackerOne recently found that ethical hackers have identified and reported more than 65,000 software vulnerabilities in 2022.  The popular hacker-powered platform, which hosts bug bounty programs for both private and public…

Enduring Security Framework (ESF) partners, in collaboration with experts from the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA), published an assessment of potential threats associated with 5G network slicing…

According to the new Xfinity Cyber Health Report from Comcast, 78 percent of Americans engage in risky online behaviors that expose them to cyber threats, such as reusing or sharing passwords, skipping software updates, and more, which is a 14 percent…

TPG Telecom, an Australian telecommunications company, has been hit by a cyberattack that has put the data of 15,000 customers at risk. On December 13, Mandiant notified the company that it had discovered evidence of unauthorized access to a hosted…

German software maker SAP recently announced the release of 14 new and five updated security notes as part of its December 2022 Security Patch Day, including four notes that address critical vulnerabilities in Business Client, BusinessObjects, NetWeaver…

Google recently announced a Chrome update that resolves eight vulnerabilities in the popular browser, including five reported by external researchers.  All five security defects are use-after-free flaws, a type of memory safety bug that has been…

The UK's financial regulator has recently warned of an increase in scams promising non-existent loans as fraudsters look to pressure consumers struggling to make ends meet before Christmas.  The Financial Conduct Authority (FCA) polled 2000 UK…

Businesses and homeowners are increasingly relying on Internet Protocol (IP) cameras for surveillance. However, this gives them a false sense of security because threat actors can access and monitor a user's camera feed and use the unsecured device to…

Apple has confirmed that a two-week-old iPhone software update fixed a zero-day security vulnerability, which it now says was actively exploited. The update, iOS 16.1.2, was released on November 30 to all supported iPhones, including the iPhone 8 and…