Security Bulletin

While summer is synonymous with vacations and relaxation, small and medium-sized business (SMB) owners cannot afford to let their cybersecurity take a break alongside their employees. Statistics show that 43% of cyberattacks target small businesses...

A simple toggle in Proofpoint's email service allowed for brand impersonation at an industrial scale. It prompts the question: Are secure email gateways (SEGs) secure enough?

Having a robust identity continuity plan is not just beneficial but essential for avoiding financially costly and potentially brand-damaging outages.

As partners, subcontractors, and hardware vendors enter the picture, network defenders need to reconsider what does and doesn’t constitute a threat.

In his confirmation hearing for the assistant secretary of Defense for cyber policy post, Sulmeyer said that he would focus on strengthening U.S. digital forces' "combat power" and "sustained readiness" against increasingly sophisticated...

NBC News reports that the U.S. has agreed to release convicted Russian hackers Vladimir Klyushin and Roman Seleznev, along with eight others, in exchange for Wall Street Journal reporter Evan Gershkovich and other American political prisoners held by...

"The United States and like-minded nations will explore options for advancing affirmative cybersecurity standards and coordinating other possible policy measures to mitigate risks," said the U.S. State Department in a statement regarding the meeting...

Despite repeatedly proclaiming the robustness of Falcon, CrowdStrike has not properly evaluated anti-threat updates prior to release leading to the widespread disruption, claimed the Massachusetts-based Plymouth County Retirement Association in its...

Aside from failing to perform risk assessments for the water and wastewater sector, the EPA has not also determined cybersecurity-related objectives, goals, activities, and performance measurements, as well as key roles and efforts coordination...

Despite the elevated detections, workarounds may have already been applied in some VMware ESXi instances, according to The Shadowserver Foundation.

Threat actors who created StackExchange accounts commented on popular threads with high-quality answers that included links to the packages, including 'spl-types,' 'sol-structs,' 'sol-instruct,' 'raydium,' and 'raydium-sdk,' which facilitated the...

While most of the intrusions involved websites spoofing a leading e-commerce platform and power tools maker, as well as fake sales offers for widely used products, attackers also leveraged fake Facebook user comments to facilitate the scheme.