Security Bulletin

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that...

Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection.

A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. With cyberattackers getting more creative, defenders must start keeping pace.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Vulnerability exploits, pure extortion and internal risks are on the rise, while AI threats fall short.

The quest to keep data private while still being able to search may soon be within reach, with different companies charting their own paths.

The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change's backup strategy failed.

SiliconAngle reports that more robust high-risk identity threat discovery and response efforts are being aimed by enterprise identity protection startup Semperis with its new machine learning-based Lightning Identity Runtime Protection identity...

The U.S. Department of Justice announced that former National Security Agency information systems security designer Jareh Sebastian Dalke was given a prison sentence of 262 months, or nearly 22 years, for trying to sell confidential documents with U...

Unmanaged and unknown Web services endpoints are just some of the challenges organizations must address to improve API security.