According to new research from Accenture, the cybercrime underground has fractured into pro-Ukraine and pro-Russia camps.  The pro-Russia threat actors are increasingly focused on critical national infrastructure (CNI) targets in the West.  The…

After the Apache Foundation disclosed and fixed the Log4j vulnerability, over 4 in 10 downloads of the logging tool from the Maven Central Java package repository remained vulnerable versions. A dashboard launched by the Maven Central administrator…

Sander Zeijlemaker, a researcher at Radboud University, calls on companies to invest smarter rather than invest more to efficiently limit the risks of cyberattacks. Many organizations still mainly choose to invest based on past information. Zeijlemaker…

Researchers at Avanan have discovered evidence of a phishing campaign that uses a trick involving text color in an email. The phishing emails include text that is covered in white that hides from the end-user and evades phishing filters. This technique…

The US Securities and Exchange Commission (SEC) has proposed new rules designed to increase transparency around cybersecurity incident reporting.  The SEC wants listed companies to disclose a “material cybersecurity incident” within four business…

Security researchers at HackerOne have conducted a survey and found that enterprises are putting greater stock in cybersecurity, but outdated “security by obscurity” is still prevailing as companies wrestle with security awareness and shy away from bug-…

Spectre hardware design bugs in processors remain an issue as researchers at the security vendor VUSec have demonstrated how to revive the data leak vulnerability. According to the researchers, attackers can get around software fixes such as Retpoline…

Researchers at Mandiant have published a report describing an attack conducted by the China-affiliated state-sponsored cyberespionage group, APT41, also known as Winnti, Barium, Wicked Panda, or Wicked Spider. The group used Log4j vulnerabilities along…

Blockchain is a decentralized ledger technology that protects the integrity of transactions through digital signatures. Those who have looked into cryptocurrencies will be familiar with blockchain technology. The technology has been discussed in regard…

According to new research by N-able, nine in 10 (90%) managed service providers (MSPs) experienced a successful cyberattack in the past 18 months. The researchers also found that the number of attacks prevented by these organizations during this period…

The Finacial Crimes Enforcement Network (FinCEN) issued an alert advising all financial institutions to remain vigilant against potential efforts by Russia to evade the expansive sanctions.  FinCEN noted that one way this may be done is to move…

Developing highly secure but simple and inexpensive encryption to prevent data leakage and forgery is challenging. Therefore, a team of researchers has introduced a "double lock" method that encrypts data in a way that it can only be read at a specific…