Security Bulletin

The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.

Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach.

Oasis researchers say they reported the bug in June – and Microsoft patched it in October.

Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can't gain enough information to breach.

The U.S. Department of Justice offers $10 million for information leading to arrest of hacker.

A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.

Honored by SC Media, Ashley Jess shares her journey from FBI analyst to Intel 471 leader, tackling cyber threats and inspiring women in IT security.

Threat actors behind the intrusions initially compromised internet-exposed apps and database servers with SQL injection before proceeding with PHPsert webshell distribution, reconnaissance, credential compromise, lateral movement, and custom Mimikatz...

High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others' mistakes.

Chinese cybersecurity firm Sichuan Silence has been sanctioned by the U.S. Treasury Department for its role in the widespread exploitation of the Sophos XG firewall zero-day SQL injection flaw, tracked as CVE-2020-12271, to compromise critical...

Hackers are constantly evolving, and so too should our security protocols.

ICIT says the key to resilience is in the four Rs: resourcing, recovery, rehearsals, and response -- all essential to mitigate the risks posed by digital consolidation and ensure the security of critical infrastructure.