Security Bulletin

Phishing authors have long ago discovered that adding HTML attachments to the messages they send out can have significant benefits for them – especially since an HTML file can contain an entire credential-stealing web page and does not need to...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Ivanti products have given us a rich corpus of vulnerabilities in recent months (years). Of course, we do see occasional scans attempting to exploit them. Just today, I spotted two of them. None of them is particularly new, but a reminder to keep...

Disconnected data hurts cybersecurity by preventing clear, real-time insights.

The networking company found liable for illegally gathering user data for targeted advertising by the Irish Data Protection Commission.

Bug bounties of up to $1 million are available for researchers who find flaws in the platform.

Amazon broke up a phishing operation that impersonated thousands of Amazon Web Service (AWS) domains.

Kremlin intelligence carried out a wide-scale phishing campaign in contrast to its usual, more targeted operations.

Four companies — Avaya, Check Point, Mimecast, and Unisys — have been charged by the SEC for misleading disclosures in the aftermath of the 2020 SolarWinds compromise.

Eight months after the breach occurred, Change Healthcare has finally sent out millions of notices of compromised data to affected individuals.

Change Healthcare breach viewed as the largest healthcare breach in history.

With industries deep into their digital transformation journeys, identity security is undergoing its own evolution.