The US Department of Defense (DoD) launched a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base (DIB) contractor networks and improve digital hygiene. According to HackerOne, any information…

Cybersecurity incidents faced by federal agencies are continuing to increase in volume, complexity, and impact. The massive SolarWinds hack that impacted the Departments of Treasury, Justice, Commerce, and others further indicates the growing…

Security researchers at Website Planet discovered a misconfigured Elasticsearch server belonging to a popular office supplies store chain on March 3rd.   The misconfigured Elasticsearch server was leaking nearly one million records, including…

Claroty researchers discovered vulnerabilities in Rockwell Automation's FactoryTalk AssetCentre software, a backup solution specifically for Industrial Control Systems (ICS). All of the vulnerabilities have been given a maximum CVSS v3 base score of 10.…

Security researchers at Check Point discovered new malware disguised as a Netflix application, designed to spread worm-like via victims’ WhatsApp messages.  The malware is contained in an application on the Google Play Store called ‘FlixOnline.’…

A report released by the US Government Accountability Office (GAO) in March brings further attention to the increased vulnerability of the electrical grid to cyberattacks because of electric vehicles and internet-connected home appliances. Cybersecurity…

Security researchers from eSentire Threat Response Unit (TRU) are warning LinkedIn users to beware of unsolicited job offers after revealing a new spear-phishing campaign designed to install Trojan malware on their devices.  When a victim opens the…

GitHub is investigating a series of attacks against its cloud infrastructure that allowed cybercriminals to use the company's servers to perform illicit operations for mining cryptocurrency. The attacks, which have been occurring since the fall of 2020,…

Security researchers at the threat intelligence company Intel 471 published a blog post discussing a malicious document builder known as EtterSilent that is growing in popularity among cybercriminals. Two versions of the maldoc builder have been seen…

The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system,…

VMware recently patched two critical vulnerabilities in its vRealize Operations (vROps) discovered by Egor Dimitrenko of Positive Technologies. The vROps product offers self-driving IT operations management for private, hybrid, and multi-cloud…

Hackers were able to steal cryptocurrency worth $367k from a new decentralized finance (DeFi) aggregator within hours of its launch.  ForceDAO was launched on the morning of April 3. Its operators discovered that the platform was being exploited…