Blog
Exploit for Critical Windows Defender Bypass Goes Public
A proof-of-concept exploit has been released for a critical zero-day vulnerability in Windows SmartScreen. The vulnerability, identified as CVE-2023-36025, allows attackers to bypass Windows Defender SmartScreen checks and execute malicious code.
NCSC Announces New Standard for Indicators of Compromise
The UK's National Cyber Security Centre (NCSC) has released its first RFC for the Internet Engineering Task Force (IETF), focusing on indicators of compromise (IoCs), which are observable artifacts associated with attackers.
NCSC Announces New Standard for Indicators of Compromise
The UK's National Cyber Security Centre (NCSC) has released its first RFC for the Internet Engineering Task Force (IETF), focusing on indicators of compromise (IoCs), which are observable artifacts associated with attackers.
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login
A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software...
Update: Citrix Provides Additional Measures to Address Citrix Bleed
The CVE-2023-4966 vulnerability has been actively exploited by threat actors since late August, allowing them to hijack authenticated sessions and bypass strong authentication measures.
Update: Report Details Aftermath of ICBC LockBit Ransomware Attack
A ransomware attack on the Industrial and Commercial Bank of China caused failed trading rates in the U.S. Treasury market to soar to $60 billion, highlighting the potential impact of cyberattacks on financial systems.
Organizations’ Serious Commitment to Software Risk Management Pays Off
A recent report by Synopsys reveals that there has been a decrease in vulnerabilities found in target applications, indicating that code reviews, automated testing, and continuous integration are helping to reduce programming errors.
North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters...
Automotive Parts Retailer AutoZone Warns of MOVEit Data Breach
The breach, which occurred on May 28, 2023, compromised the data of 184,995 individuals. The company took three months to determine the extent of the breach and notify affected customers.
AI Solutions Are the New Shadow IT
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security RisksLike the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are covertly using AI with little regard for established IT and...
FREE GUIDE