A researcher at the University of Kansas School of Engineering received the Faculty Early Career Development (CAREER) Program award from the National Science Foundation (NSF) in support of investigating how to improve the effectiveness of Security…

The Open Source Security Foundation (OpenSSF) has announced the Alpha-Omega Project, which is aimed at helping maintainers of the most critical open source projects identify and fix security vulnerabilities in their code, and improve their security…

A team of researchers at the University of Texas at San Antonio (UTSA) is delving into the prevention of software security vulnerabilities through a new automated approach. They sought to develop a deep learning model capable of teaching software how to…

In an interview, FBI Director Christopher Wray stated that the sheer scale of Chinese efforts to steal U.S. technology shocked him when he became FBI director in 2017.  Wray noted that the FBI is opening a new China related counter-intelligence…

A data breach at the state agency that operates Rhode Island’s public bus service compromised the personal information of about 22,000 people.  The Rhode Island Public Transit Authority (RIPTA) recently disclosed that of those affected, 5,000…

BlackCat is the latest ransomware threat that is growing in popularity on underground forums as the group has made progress in the Ransomware-as-a-Service (RaaS) cybercriminal marketplace. The BlackCat group has been found offering 80 to 90 percent of…

Researchers at Binarly identified 23 high-severity vulnerabilities in UEFI firmware code used by the world's largest device makers. These vulnerabilities could impact millions of laptops, servers, routers, network appliances, Industrial Control Systems (…

Security researchers at Spirion have discovered that Social Security Numbers (SSN) are the type of sensitive data most commonly targeted in data breaches in the United States.  The researchers analyzed more than 1,500 data breaches involving…

Security firm Patchstack has discovered over one million WordPress websites might have been impacted by a critical vulnerability in the Essential Addons for Elementor plugin.  Essential Addons for Elementor provides WordPress site admins with more…

Lazarus, the North Korean Advanced Persistent Threat (APT) group, has launched a new spear-phishing campaign involving the exploitation of Windows Updates to deploy malware and the use of GitHub as a command-and-control (C2) server. The Lazarus Group was…

According to new research at Mandiant, many of the ransomware attacks on industrial and critical infrastructure organizations result in the exposure of operational technology (OT) data that could be useful to threat actors, including to conduct cyber-…

Proofpoint has released its 2022 Cost of Insider Threats Global Report, which delves into the costs and trends associated with negligent, compromised, and malicious insiders. Findings shared in the report come from a survey of more than 1,000 IT and…