The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for system engineers. The document titled "Engineering Trustworthy Secure Systems" resulted from President Joe Biden's 2021 executive order aimed at…

According to the University of Toronto's Citizen Lab, cellphones belonging to dozens of journalists and human rights defenders in El Salvador were repeatedly hacked with the Israeli firm NSO Group's sophisticated Pegasus spyware over the past year and a…

The ransomware gang known as Sabbath is targeting critical infrastructure groups in North America. Sabbath has targeted US and Canadian critical infrastructure, including education, national resources, and health sectors. For example, the threat group…

Jeremy Fuchs, a security researcher with Avanan, warns of the creation and use of Adobe Creative Cloud accounts by malicious actors to send phishing emails that can evade traditional checks and some advanced threat protection solutions. These attacks…

However sophisticated and resourceful cybercriminals can be, they still make mistakes. The India-based threat actor group called Patchwork, which has targeted users and government organizations in Pakistan, accidentally left its hacking strategies…

A young hacker named David Colombo claimed to have found a way to gain remote control over 25 Tesla electric vehicles in 13 countries. According to Colombo, the flaw used to trigger different actions remotely was not a vulnerability in Tesla's…

A cyberattack on the Medical Review Institute of America (MRIoA) may have exposed the personal data of 134,571 individuals.  MRIoA provides clinical reviews and virtual medical opinions.  MRIoA is based in Salt Lake City, Utah.  MRIoA…

Cisco on Wednesday announced patches for a critical vulnerability in Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM).  Tracked as CVE-2022-20658 (CVSS score of 9.6), the issue exists…

A cyberattack on a city in California has resulted in the exfiltration of personal and financial data belonging to vendors, city employees, and their spouses.  A notice published by Grass Valley states that an unknown attacker was able to access…

The protected health information (PHI) of thousands of individuals may have been exposed in a hacking incident at a healthcare information management company based in Georgia.  Ciox Health, headquartered in Alpharetta, provides various services,…

Researchers at the cybersecurity firm SentinelOne have shared findings from their analysis of a flaw in the KCodes NetUSB kernel module that puts millions of end-user router devices from Netgear, TP-Link, Tenda, EDIMAX, D-Link, Western Digital, and more…

A team of researchers from the industrial cybersecurity firm Claroty and the developer security company Snyk analyzed 16 URL parsing libraries. Findings from the analysis further highlighted how inconsistencies could lead to different types of…