MITRE Engenuity has released a new set of evaluations for Managed Security Service Providers (MSSPs), which could provide enterprise decision-makers with a useful resource to consult when choosing a provider. The key to gaining value from the information…

Iranian government-sponsored threat actors have been linked to the compromise of a US federal agency, which involved exploiting the Log4Shell vulnerability in an unpatched VMware Horizon server. The information was provided by the US Homeland Security…

As electric vehicles become more prevalent, so do the risks and hazards of a cyberattack on electric vehicle charging equipment and systems. Jay Johnson, an electrical engineer at Sandia National Laboratories (SNL), has been researching the…

Group-IB recently published a report detailing the activities of the "OPERA1ER" Advanced Persistent Threat (APT) group, which is known for spear phishing emails, but it is unique in that it targets less economically developed countries in Africa, Asia,…

The recent string of major supply chain and critical infrastructure attacks highlighted threat actors' willingness to target those systems and the importance of organizations planning for such attacks and being able to recover from them when they occur.…

Mozilla recently announced the release of Firefox 107.  The latest version of the popular web browser patches a significant number of vulnerabilities.  A total of 19 CVE identifiers have been assigned to the security holes patched by Firefox…

The US President's Council of Advisors on Science and Technology (PCAST) met on November 9 to hear expert opinions on how to better build a cyber-resilient digital infrastructure at the national level, with current government officials backing a…

Security researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products.  The researchers reported their findings to the vendor in mid-August and disclosed details on…

INKY Technology researchers have detailed a new image-based phishing scam that uses brand impersonation to encourage victims to call the scammers rather than click on a link or download a file. The researchers observed malicious actors using an image-…

Carnegie Mellon University's (CMU) picoCTF for the National Security Agency (NSA) GenCyber Teacher Program is designed for local tri-state area high school computer science teachers in grades 10 through 12. The program will demonstrate to teachers how to…

Google recently announced plans to roll out Android Privacy Sandbox in beta starting early next year, delivering a more private advertising experience to mobile users.  The initiative was initially announced in February, with the developer preview…

In order to help defend against malicious attacks, next-generation electronic devices may include enhanced security systems built directly into their circuitry. According to KAUST researchers, protective "logic locks" based on an advanced branch of…