Broadcom has addressed three VMware vCenter vulnerabilities, two of which are critical and enable Remote Code Execution (RCE). Hackers continue to target Virtual Machines (VMs) due to their rich repositories of sensitive data and applications. VMware vCenter is the central management console for VMware virtual environments, viewing and managing VMs, multiple ESXi hosts, and all dependent components. Heap overflow vulnerabilities were found in vCenter's Distributed Computing Environment/Remote Procedure Call (DCERPC) implementation.

New guidance from the Chartered Institute of Information Security (CIISec) advises employers to reach candidates outside traditional channels. The "Recruitment and Retention in Cybersecurity" report, written with ISC2, notes that while the global cybersecurity workforce reached a record 5.5 million last year, the skills shortfall increased by 12.6 percent. This challenge can be addressed in several ways, including by recruiting young talent in gaming centers. This article continues to discuss suggestions regarding recruitment and retention in the cybersecurity field.

AMD has launched an investigation after a well-known hacker announced the sale of sensitive data that allegedly belonged to the company. The hacker known as "IntelBroker" announced on the BreachForums cybercrime forum that he was selling the AMD data, which allegedly includes information about future AMD products, customer and employee databases, datasheets, source code, property files, firmware, and financial documents. The employee database allegedly contains information such as names, job roles, phone numbers, and email addresses.

Researchers at Recorded Future warn that cryptocurrency users are being targeted with legitimate-looking but fake apps that deliver information-stealing malware. The threat actor behind this operation targets both Windows and Mac users, using social media and messaging platforms to trick them into installing the malicious apps. This article continues to discuss how cryptocurrency users are getting tricked into downloading the malware.

The US and Indonesia recently conducted their first port-focused cybersecurity tabletop exercise to improve responses to cyberattacks on critical maritime infrastructure. According to the US Department of Homeland Security (DHS), the exercise simulated major cyber incidents and ransomware attacks on port operations, ship-to-shore cranes, and other aspects of maritime activity. This article continues to discuss the port-focused cybersecurity tabletop exercise and the importance of combating cyber threats in the maritime environment.

G7 nations will develop a cybersecurity framework for operational technologies in energy systems, with the intended users being manufacturers and operators. The agreement was announced by US National Security Advisor Jake Sullivan at the G7 Leaders' Summit on June 18. The framework seeks to improve the cybersecurity of the global supply chain for critical technologies used to manage and operate electricity, oil, and natural gas systems. This article continues to discuss the cybersecurity framework that will be developed by the G7 nations. 

Government agencies in the US, New Zealand, and Canada have released new guidance, titled "Modern Approaches to Network Access Security," for organizations to use stronger security solutions and improve network activity visibility. The document delves into modern security solutions that organizations can use beyond Virtual Private Networks (VPNs) to ensure secure access to hybrid environments.

According to new research by Cyble Research and Intelligence Labs (CRIL), a QR code-based phishing campaign has targeted individuals in China, tricking victims by using QR codes in fake official documents. As part of the campaign, Microsoft Word files are disguised as official documents from the Chinese Ministry of Human Resources and Social Security. CRIL security researchers believe the files were distributed via spam email attachments. This article continues to discuss the QR code-based phishing campaign targeting individuals in China.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control System (ICS) advisory informing organizations of a high-severity vulnerability discovered in an outdated industrial switch made by the Israel-based networking equipment manufacturer RAD Data Communications. The agency recently found a publicly available Proof-of-Concept (PoC) exploit aimed at a path traversal vulnerability in RAD's SecFlow-2 ruggedized switch/router, which is intended for harsh industrial environments.

It has recently been announced that a statewide outage of the 911 emergency response system in Massachusetts this week was caused by an errant firewall that prevented calls from getting to the 911 dispatch centers.  The Massachusetts  Executive Office of Public Safety and Security described the two-hour outage on Tuesday as a “technical issue” with its 911 vendor Comtech that was the result of a firewall installed to provide protection against cyberattacks and hacking.