Security Bulletin

Authentication keys, TLS/SSL certificates, OAuth tokens, cloud service credentials, and other secrets leaked on GitHub reached 12.8 million last year.

Fixes have been issued by Microsoft for at least 60 security issues impacting several of its offerings as part of this month's Patch Tuesday.

Investigation into the incident alongside the third-party vendor and law enforcement is already underway, according to Acer Philippines.

Data from 27,000 individuals have been compromised following a ransomware attack against the Stanford University Department of Public Safety.

Attacks, which have been attributed to the Russian government, involved mounting attempts to obstruct the mirror servers leveraged by Meduza.

The Change Healthcare ransomware attack exposed how vulnerable healthcare IT systems are today -- to keep patients safe, Congress must act to help providers deliver stronger cybersecurity.

Today, most of the malicious scripts in the wild are heavily obfuscated. Obfuscation is key to slow down the security analyst's job and to bypass simple security controls. They are many techniques available. Most of the time, your trained...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Files containing malicious prompts could be used to manipulate interactions, researchers say.

There are multiple versions of BIND available for download from ISC's website - how should you decide which one is right for your production environment? The question has different answers, based on both the versions of BIND that are available, and...

Attackers continue to leverage popular AWS cloud and GitHub developer services as a way to “live-off-the-land” and launch malware.

This month's patches are oddly "light". We have patches for 60 vulnerabilities and 4 Chromium patches affecting Microsoft Edge. But only two of the vulnerabilities are rated as "Critical":