Security Bulletin

Attacks commence with the delivery of fraudulent business- or finance-related documents, which when executed open the default app for Word documents while establishing a mutex and altering registry entries to ensure persistence.

Approval of an AnyDesk connection authorization request sent by Mad Liberator to one organization prompted the execution of a Windows update screen-emulating binary to obtain device control and access to a linked OneDrive account.

Here’s how to modernize and service customers better, but keep the enterprise secure.

Google says it will remove the package in a firmware update after reports that it has excessive privileges and contains vulnerabilities.

The Open-Source Software Prevalence Initiative, announced at DEF CON, will examine how open source software is used in critical infrastructure.

Personal information, such as mailing addresses and phone numbers, at risk in misconfiguration.

Teams designed AI systems to secure open source infrastructure software to be used in industries like financial services, utilities, and healthcare. Each finalist was awarded a $2 million prize.

Inconsistencies and lack of information in cybersecurity disclosures highlight the need for organizations to establish a robust materiality assessment framework.

The attack affects organizations that have synced multiple on-premises Active Directory domains to a single Azure tenant.

Open Systems' Tim Roddy talks about what is driving the need for network transformation efforts and why organizations are moving to IAM and SASE (also known as Zero Trust Edge) solutions to support these efforts.

IT thought leader Stamos forecasts AI’s boom-bust cycle, the very expensive IT heterogeny business trend and reflects on the single most important CrowdStrike-Microsoft outage takeaway for the industry.

The vulnerability was given a high-severity CVSS score, indicating that customers should act swiftly to mitigate the flaw.