Security Bulletin

Malicious emails alerting of state-sponsored intrusions have been sent to lure organizations' cybersecurity teams into downloading the fraudulent "ESET Unleashed program," which features several ESET DLLs and would enable file and data deletion upon...

Okta brought its partners to Las Vegas for the annual Oktane conference. Here are the highlights.

Security software can be the first line of defense or the last, and the cost of failure is catastrophic. That's why quality is priority zero for Cisco.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability These types of vulnerabilities are frequent attack vectors for...

For CISOs to keep the board apprised of the potential risks from a breach, they’ll need the security equivalent of the GAAP accounting standards.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.

The European Union adopted a new law setting EU-wide cybersecurity requirements for connected devices to ensure their safety.

The experimental SQL Expressions feature contains a flaw due to insufficient query sanitization.

Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.

Microsoft warns users to patch the HM Surf flaw because Defender detected it was actively exploited.

Adoption of the email authentication and policy specification remains low, and only about a tenth of DMARC-enabled domains enforce policies. Everyone is waiting for major email providers to get strict.