The need for new authentication methods that do not require a person's full face to be visible has emerged in the post-COVID world of face coverings and amplified hygiene awareness. According to new research from the University of Georgia, people may…

The UK government has announced plans for a code of practice to strengthen app security across the app market. The new voluntary code aims to better protect users from malicious apps available on app stores such as Google Play and Apple's App Store. The…

According to a recent Maine Attorney General data breach notification, more than 2.5 million student loan accounts were compromised in the summer of 2022. The breach targeted Nelnet Servicing, a servicing system and web portal provider for the Oklahoma…

A newly discovered dark web service allows cybercriminals to easily add malware to legitimate applications. ThreatFabric researchers detailed "Zombinder," which was discovered while investigating several cases of threat actors employing Ermac, a type of…

The Department of Health and Human Services (HHS) Cybersecurity Coordination Center has been made aware of targeted cyberattacks against the healthcare sector since the emergence of the human-operated ransomware threat group known as Royal in September.…

The National Security Agency's (NSA) Joint Federated Assurance Center (JFAC) Hardware Assurance Lab has made four Cybersecurity Technical Reports publicly available to help the Department of Defense (DOD) in protecting Field-Programmable gate array (FPGA…

Mordechai Guri, a cybersecurity researcher from the Ben-Gurion University of the Negev in Israel who specializes in air gap jumping, has recently released a paper detailing yet another method that can be used to stealthily exfiltrate data from systems…

Trend Micro’s Zero Day Initiative (ZDI) recently announced total payouts nearing $1 million after the first three days of Pwn2Own Toronto 2022, and there is one day left to go.  On the third day of the event, participants earned $253,500 for hacking…

Security researchers at Censys have discovered that more than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability.  Touted as the most widely deployed SSL VPN solution, Pulse Connect Secure provides…

Researchers from the security firm Pentera discovered that common misconfigurations in how Domain Name System (DNS) is implemented in an enterprise environment can put air-gapped networks and the high-value assets they are designed to protect at risk of…

The PCI Security Standards Council (PCI SSC) has released version 1.2 of the PCI Secure Software Standard as well as the supporting program documentation. The PCI Secure Software Standard is one of two PCI Software Security Framework (SSF) standards. The…

Cisco has disclosed a critical vulnerability that could enable Remote Code Execution (RCE) and Denial-of-Service (DoS) attacks on its latest generation of IP phones. The company warned that its Product Security Incident Response Team (PSIRT) is aware of…