The International Information System Security Certification Consortium ((ISC)2) has made the findings of a new study public, revealing a significant increase in the shortage of cybersecurity experts. According to the 2022 (ISC)2 Cybersecurity Workforce…

Researchers from Claroty's Team 82 found a way to compromise the entire Siemens product lines by obtaining private encryption keys from Siemens industrial devices. Siemens began storing global hardcoded cryptographic keys a decade ago to ensure software…

When asking a smart home device for the weather forecast, the device takes several seconds to respond. One reason for this latency is that connected devices lack the amount of memory and power to store and run the massive Machine Learning (ML)…

Rapid7 recorded every attempt to compromise two common types of servers over a 12-month period using its honeypot network, discovering that the attempted credential attacks resulted in 512,000 permutations. Almost all of those passwords are found in a…

According to the first ever Interpol Global Crime Trend report, Cyber-related crimes such as money laundering, ransomware, and phishing pose the biggest threat to society.  The inaugural study was compiled from data received from the 195 member…

Open-source security is a major theme in enterprise security. Following a surge of software supply chain attacks against vendors such as SolarWinds and Colonial Pipeline, President Biden issued an Executive Order (EO) requiring organizations to develop…

Advocate Aurora Health informed 3 million patients of a data breach that may have exposed Protected Health Information (PHI). The breach was caused by the nonprofit health system's use of Google and Meta tracking pixels, which are widely used tools for…

Cisco is warning administrators of Cisco Identity Services Engine (ISE) solutions about two vulnerabilities that could be exploited to read and delete files on an affected device, as well as execute arbitrary scripts or access sensitive information. The…

Mandiant researchers are warning of a major shift from URSNIF's original purpose, with the malware now used to deliver next-stage payloads and steal sensitive data. The malware was initially used in banking fraud. The new variant, dubbed LDR4, was…

A BlackByte ransomware affiliate is quickly stealing data from compromised Windows devices using a new custom data-stealing tool called 'ExByte.' One of the most important functions in double-extortion attacks is data exfiltration. Ransomware operations…

Wordfence, a WordPress security company, announced that it began detecting exploitation attempts targeting the newly disclosed Apache Commons Text flaw on October 18, 2022. The vulnerability, CVE-2022-42889, also known as Text4Shell, has been assigned a…

As cybercrime incidents continue to rise, a consortium of research institutes, private enterprises, and universities has formed the Silhouette project to develop solutions for encrypting data in the optical domain that is considered safe from tampering…