Application development can be related to Newton's Third Law of Motion, which states that for every action, there is an equal and opposite reaction. Developers want to develop, but it appears that whenever they want to do so, application security teams…

Security researchers at Trend Micro have discovered that 32% of global organizations have had customer records compromised multiple times over the past 12 months as they struggle to profile and defend an expanding attack surface.  The researchers…

According to a leading technology official, employee training must continue to evolve to keep up with cybercriminals' new tactics if state governments are to stay ahead of the latest phishing threats. Hemant Jain, CISO at the Indiana Office of Technology…

According to Synopsis research, 78 percent of code in codebases is open-source. Of the codebases, 81 percent have at least one vulnerability. When the code is left untouched for two years with no feature updates, that figure rises to 88 percent. Open-…

Security researchers at Trend Micro's Zero Day Initiative (ZDI) have published details and proof-of-concept (PoC) code for a macOS vulnerability that could be exploited to escape a sandbox and execute code within Terminal.  Tracked as CVE-2022-26696…

Ten individuals have recently been charged with a series of business email compromise (BEC) and money laundering offenses, in which they allegedly defrauded Medicaid, Medicare, and private health insurance programs to the tune of over $11m.  The…

"Securing the Software Supply Chain for Customers" guidance has been published by the National Security Agency (NSA) and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). The Enduring Security Framework (ESF…

Palo Alto Networks Inc.'s Unit 42 released a new report detailing the rise of a ransomware group that has invested in call centers and infrastructure to target individual victims. Luna Moth, also known as the Silent Ransom Group, has been active since…

The intelligence research and applications team at Google Cloud has developed and released a set of 165 YARA rules to help defenders in identifying Cobalt Strike components deployed by attackers. According to Greg Sinclair, a security engineer with the…

In addition to encrypting victims' files and requesting a ransom payment, the new "AXLocker" ransomware family also steals infected users' Discord accounts. Discord sends back a user authentication token saved on the computer when a user logs in with…

There are 34 different hacked release versions of the Cobalt Strike tool, the first of which was shipped in November 2012. Google Cloud has revealed that it discovered these versions in the wild. The Google Cloud Threat Intelligence (GCTI) team found…

As data is increasingly shared and stored digitally, data breaches grow. Scientists are exploring the development of novel methods for securing and protecting data from cyberattacks. Researchers at the Singapore University of Technology and Design (SUTD…