Security Bulletin

Researchers at Aqua Security discovered the "Shadow Resource" attack vector and the "Bucket Monopoly" problem, where threat actors can guess the name of S3 buckets based on their public account IDs.

Ransomware operators are increasingly turning to new, and in some cases extremely concerning, tactics to extort payments from victims.

The latest AI-enabled tools are enticing, but don’t lose focus on what’s really important as the show continues on.

Geolocation services for a number of popular mobile hardware vendors can be used to perform widescale Wi-Fi network monitoring.

Invisible authentication mechanisms in Microsoft allow any attacker to escalate from privileged to super-duper privileged in cloud environments, paving the way for complete takeover.

The number of additions to the Known Exploited Vulnerabilities catalog is growing quickly, but even silent changes to already-documented flaws can help security teams prioritize.

The security vendor has also implemented several changes to protect against the kind of snafu that crashed 8.5 million Windows computers worldwide last month.

The RISC-V platform has found itself presented with a new security flaw based within the hardware of some CPUs.

During a "Shark Tank"-like final, each startup's representative spent five minutes detailing their company and product, with an additional five minutes to take questions from eight judges from Omdia, investment firms, and top companies in cyber.

Black Hat USA 2024 kicks off with powerhouse panel waxing on election integrity.

The “Shadow Resource” flaws enabled attackers to pre-claim other users’ S3 buckets as their own.

CrowdStrike admitted in its root cause analysis that a lack of proper testing was part of the cause of the outage.