Security Bulletin

Ongoing cybersecurity workforce shortage around the world has prompted Sophos and Boise State University's Institute for Pervasive Security to collaborate in facilitating cybersecurity training, SiliconAngle reports.

Numerous federal agencies, including the State Department, the Department of Housing and Urban Development, and the National Aeronautics and Space Administration, have not yet integrated privacy into their risk management systems nearly five years...

More than 40,000 of over 1.8 million administrator credentials compromised by information-stealing malware that have been recovered from January to September were "admin," indicating the prevalence of weak passwords used in administrator portals and...

SecurityWeek reports that organizations across the U.S. have been alerted by the Cybersecurity and Infrastructure Security Agency regarding three critical and high-severity Weintek cMT human-machine interface vulnerabilities, which should be...

Numerous severe vulnerabilities have been reported to affect Milesight industrial cellular routers and South River Technologies' Titan MFT and Titan SFTP servers, according to The Hacker News.

TechRepublic reports that cloud apps have become the most prevalently clicked lure for spreading malware through spearphishing campaigns during the first three quarters of 2023, followed by e-commerce sites and government organizations.

Phishing, malware attacks spike in third quarter cyberattacks involving phishing and malware have grown by 173% and 110%, respectively, during the third quarter, compared with the second quarter, reports SiliconAngle.

Operations at major TV advertising sales and technology firm Ampersand have been temporarily impacted by a ransomware attack claimed by the Black Basta ransomware operation, according to The Record, a news site by cybersecurity firm Recorded Future.

BleepingComputer reports that Taiwanese multinational networking equipment provider D-Link has disclosed being impacted by a data breach stemming from the compromise of a test lab system running on end-of-life software following a successful phishing...

State-sponsored hacking operations have begun leveraging Discord to facilitate cyberattacks against critical infrastructure organizations as evidenced by the presence of an artifact aimed at such entities in Ukraine discovered in the instant...

Facing a potential cascade of legal challenges from industry groups and state attorneys general, the EPA has rescinded its cyber-rules. But where does that leave local water safety?

The sophisticated APT employs various tactics to abuse Windows and other built-in protocols with both custom and public malware to take over victim systems.