Since the "Shamoon" virus rendered nearly 30,000 client and server systems at Saudi Aramco inoperable more than ten years ago, destructive wiper malware still remains a major threat to enterprise organizations. Max Kersten, a malware analyst at Trellix,…

New research from Mitiga, a cloud incident response company, reveals that hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing Personally Identifiable Information (PII). According to researchers, this kind of PII leakage…

Six papers from researchers affiliated with the Maryland Cybersecurity Center (MC2) were accepted for presentation at the 2022 Association for Computing Machinery Conference on Computer and Communications Security (ACM CCS). The annual conference gathers…

Computer scientists at the University of Guelph in Canada discovered that electronics repair services lack effective privacy protocols. In addition, the researchers found that technicians often snoop on customers' data. The team describes how they tested…

Time-Triggered Ethernet (TTE) is an example of a mixed-criticality network that can route traffic with varying levels of timing and fault tolerance requirements over the same set of hardware. Previously, spacecraft relied on one network to transmit…

On Tuesday, during a House Homeland Security Committee hearing on worldwide threats, FBI Director Christopher Wray told Congress he is “extremely concerned” that Beijing could weaponize data collected through TikTok, the wildly popular app owned by the…

According to researchers at Kaspersky, the backdoor DTrack, widely used by the North Korean Lazarus group over the last three years, is still being deployed to target organizations in Europe and the US.  DTrack has been used in financial…

According to a new Government Accountability Office (GAO) report, the Department of Defense (DOD) has not fully implemented its cyber incident management processes. The government watchdog also discovered flaws in data reporting and management. The DOD…

According to a new report published by the Center for Internet Security (CIS), the K-12 sector remains a top target for cyberattacks, despite the improvement of security capabilities over time. The CIS report reveals that the education sector lags behind…

Legacy Post Acute Care in California notified patients of a data breach between January 19 and March 3, 2022. In September, an unauthorized party accessed several employee email accounts over two months. Patient names, Social Security numbers, treatment…

Yakima Neighborhood Health Services ("YNHS") recently learned of a data security incident that may have impacted data belonging to certain current and former patients.  On October 4, 2022, a file containing certain individuals' personal and…

Security researchers at Varonis stated that an SQL injection vulnerability in Zendesk Explore could have allowed a threat actor to leak Zendesk customer account information.  Zendesk Explore is the analytics and reporting service of Zendesk, a…