Security Bulletin

Red-team assessments aren't very good at validating that defenses are working, so defenders don't have a realistic sense of how strong their defenses are.

Security teams have to come to grips with the reality that even with the last-minute accommodation not requiring the disclosure of any technical details – companies still need to comply with these new rules.

UNC-0050 is targeting government agencies in Ukraine in what appears to be a politically motivated intelligence-gathering operation.

Cybersecurity forecasters foresee consolidation of platforms as well as the market in 2024, with regulations and corporate responsibility weighing heavily on CISOs and board members.

New Jersey-based population health management software firm HealthEC had personal and health information from almost 4.5 million individuals following a data breach in July, reports SiliconAngle.

Nearly 11 million SSH servers connected to the internet, or about 52% of all scanned servers in IPv4 and IPv6 environments, could be compromised with the novel Terrapin attack, which could affect SSH channel integrity in certain encryption modes, as...

Threat actors could launch stealthier targeted phishing attacks through the new Simple Mail Transfer Protocol smuggling technique, reports The Hacker News.

Boston-based cloud-native security provider Aqua Security has landed a $60 million investment as part of an extended Series E funding round that raised $135 million in 2021, bringing the company's valuation to over $1 billion, SiliconAngle reports.