A prolific Chinese spy who tried to steal secrets from US aviation companies has recently been jailed for 20 years.  According to the Department of Justice (DoJ), Yanjun Xu, 42, rose to become deputy division director at the Ministry of State…

A server misconfiguration at a company that processes medical claims for correctional facilities exposed sensitive information on nearly 600,000 inmates. CorrectCare Integrated Health Inc. of Kentucky reported to the US Department of Health and Human…

The US Food and Drug Administration (FDA) and MITRE have published an updated version of their "Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook," which provides actionable strategies and resources for healthcare…

WASP malware uses steganography and polymorphism to avoid detection, with malicious Python packages designed to steal credentials, personal information, and cryptocurrency. Earlier this month, researchers from Phylum and Check Point reported finding new…

Specops Software published a study that examined the most common passwords used in live attacks against Remote Desktop Protocol (RDP) ports. This analysis coincides with the addition of more than 34 million compromised passwords to the Specops Breached…

MITRE Engenuity has released a new set of evaluations for Managed Security Service Providers (MSSPs), which could provide enterprise decision-makers with a useful resource to consult when choosing a provider. The key to gaining value from the information…

Iranian government-sponsored threat actors have been linked to the compromise of a US federal agency, which involved exploiting the Log4Shell vulnerability in an unpatched VMware Horizon server. The information was provided by the US Homeland Security…

As electric vehicles become more prevalent, so do the risks and hazards of a cyberattack on electric vehicle charging equipment and systems. Jay Johnson, an electrical engineer at Sandia National Laboratories (SNL), has been researching the…

Group-IB recently published a report detailing the activities of the "OPERA1ER" Advanced Persistent Threat (APT) group, which is known for spear phishing emails, but it is unique in that it targets less economically developed countries in Africa, Asia,…

The recent string of major supply chain and critical infrastructure attacks highlighted threat actors' willingness to target those systems and the importance of organizations planning for such attacks and being able to recover from them when they occur.…

Mozilla recently announced the release of Firefox 107.  The latest version of the popular web browser patches a significant number of vulnerabilities.  A total of 19 CVE identifiers have been assigned to the security holes patched by Firefox…

The US President's Council of Advisors on Science and Technology (PCAST) met on November 9 to hear expert opinions on how to better build a cyber-resilient digital infrastructure at the national level, with current government officials backing a…