-
"ESF Partners, NSA, and CISA Release Software Supply Chain Guidance for Suppliers"
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and Office of the Director of National Intelligence (ODNI) have released Securing the Software Supply Chain: Recommended Practices Guide for Suppliers. The…
-
"Researchers: 'CosMiss' Vulnerability Affecting Microsoft Azure Cosmos DB Could Give Attacker RCE Privileges"
Researchers at Orca Security discovered a critical vulnerability in Azure Cosmos DB, a Microsoft-owned NoSQL database used for app development, in which authentication checks were missing from Cosmos DB Notebooks. According to the researchers, the "…
-
"Samsung Galaxy Store Flaw Could Have Allowed Installing Malicious Apps on Target Devices"
A now-patched vulnerability in Samsung's Galaxy Store app could have resulted in remote command execution on affected phones. The flaw is a cross-site scripting (XSS) bug that can be triggered when certain deep links are handled. The flaw affected Galaxy…
-
"Bed Bath & Beyond Investigating Data Breach After Employee Falls for Phishing Attack"
Bed Bath & Beyond recently revealed in an SEC filing that it suffered a data breach after an employee fell victim to a phishing attack. The retailer has only shared a few details as the investigation is ongoing. The company stated that it…
-
"OT/ICS Cybersecurity Threats Remain High"
Organizations' security postures have significantly matured in response to Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity threats. According to the SANS 2022 OT/ICS Cybersecurity Report, a Nozomi Networks-sponsored SANS…
-
"Cyberattacks in Healthcare Sector More Likely to Carry Financial Consequences"
Netwrix released additional findings from its global 2022 Cloud Security Report for the healthcare sector, revealing that 61 percent of respondents in the healthcare industry experienced a cyberattack on their cloud infrastructure in the previous 12…
-
"Hackers Selling Access to 576 Corporate Networks for $4 Million"
According to a new report, hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000. The findings come from the Israeli cyber-intelligence firm KELA, which published its Q3 2022 ransomware report,…
-
"Cyberattack Strikes Global Copper Conglomerate"
Aurubis, a global recycler and provider of copper, has assured its customers that a cyberattack on October 28 did not halt production, but it did temporarily shut down the entire company's systems. According to the Aurubis corporate website, the company…
-
"Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution"
ConnectWise, an IT service management software platform, has released software patches to address a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM). The vulnerability, defined as the neutralization of Special Elements in…
-
"Data Breach of Missile Maker MBDA May Have Been Real: CloudSEK"
Back in July, the Adrastea threat actor group announced a data breach affecting MBDA, a European missile manufacturer having ties to NATO. At the time, the company promptly refuted the claims, saying that while some files were stolen, MBDA was not…
-
Pub Crawl #67
Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.
-
"Why a Hardware Bill of Materials Is a Critical Component for Securing Electronic Products"
The ability of an organization to protect its most sensitive data comes down to ensuring that all of its bases are covered, which is difficult to do when the foundation is weak. Traditionally, the cybersecurity industry has focused on identifying and…