The makers of the popular password manager LastPass have announced that an unauthorized party gained access to portions of the LastPass development environment via a single compromised developer account, taking portions of source code and some…

According to new research, over 80,000 Hikvision surveillance cameras worldwide are vulnerable to an 11-month-old command injection flaw. Hikvision, short for Hangzhou Hikvision Digital Technology, is a Chinese state-owned video surveillance equipment…

Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework as a replacement for Cobalt Strike in their intrusion campaigns. Because of the popularity of Cobalt Strike as an attack tool, defenses…

There are organizations that use Machine Learning (ML) and Artificial Intelligence (AI) algorithms to analyze massive amounts of browsing data, social network data, location data, voice data, and contact information that people share through their…

The COVID-19 pandemic has forced educational institutions to quickly transition to remote learning and exam taking, thus leading to an increase in the use of online proctoring services, such as restricted browser modes, video/screen monitoring, local…

Cisco recently announced patches for two vulnerabilities impacting the NX-OS software that powers its Nexus-series business switches.   The first of these issues is tracked as CVE-2022-2082 and affects the OSPF version 3 (OSPFv3) feature of NX-OS.…

Dr. Lisa Kohl is an expert cryptographer at Centrum Wiskunde & Informatica (CWI), the Netherlands' national mathematics and computer science research institute. She and her colleagues are looking for new ways to keep people safe online. Kohl's…

According to the latest Trustwave SpiderLabs Telemetry report, six months after the Log4Shell vulnerability was disclosed, vulnerable instances are still accessible on the Internet, with threat actors still trying to exploit them. The report reveals that…

Security researchers from Microsoft Threat Intelligence Center (MSTIC) have discovered a new, post-compromise capability allowing a threat actor to maintain persistent access to compromised environments.  Dubbed "MagicWeb," the capability has been…

According to a new report from the cybersecurity solutions provider Fortinet, the number of new ransomware variants nearly doubled in the first half of 2022, and attackers are increasingly leveraging zero-day vulnerabilities. The company's FortiGuard…

Security researchers at NCC Group have found that ransomware cases jumped 47 percent amid a rise in attacks involving newer strains of malicious software infecting targets.  The researchers noted that reported incidents increased to 198 in July from…

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) is advising critical infrastructure organizations to prepare to protect their systems from powerful quantum decryption algorithms as public and private…