In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that's said to be
Be aware of all the devices connected to your home network, including baby monitors, gaming consoles, TVs, appliances or even your car. Ensure all those devices are protected by a strong password and/or are running the latest version of their operating system.
The popular social news and community forum platform has run a private program with HackerOne for the past three years, but hopes that by going public, it can more quickly address vulnerabilities, improve its defenses and keep the platform secure.
Should insurance companies be banned from helping companies pay ransomware demands? How has malware messed with motorcars in the United States? And how are cybercriminals exploiting alcohol drinking during the pandemic? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
The vulnerability is triggered when a cloud container pulls a malicious image from a registry.
Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.
A school janitor has lost her job, and she says it's because she refused to download a smartphone app that would track her location.
This is a current list of where and when I am scheduled to speak:
- I’m keynoting the (all-virtual) RSA Conference 2021, May 17-20, 2021.
- I’m keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning (via Zoom), July 8-9, 2021.
- I’ll be speaking at an Informa event on September 14, 2021. Details to come.
The list is maintained on this page.
Joseph Carson, chief security scientist at Thycotic, discusses the death of data privacy and what comes next.
In a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand.
From remote work and social media to ergonomics and encryption, TechRepublic has dozens of ready-made, downloadable IT policy templates.
AWS customers will be able to connect their accounts to Securonix's AWS-hosted SaaS security software using what it calls a "bring your own cloud" model.
The feds removed web shells that provided backdoor access to cybercriminals in a recent exploit of Microsoft Exchange.
The underlying loophole abuses a lapse in security of two independent WhatsApp processes, according to Forbes, which quoted research by Luis Márquez Carpintero and Ernesto Canales Pereña.
Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.
Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address.
In the first months of the year, researchers noticed a malicious email campaign spreading weaponized Office documents that was delivering the QBot trojan and changing the payload after a short while.
Palo Alto Networks researchers have found CVE-2021-20291, a vulnerability in containers/storage that leads to a Denial of Service (DoS) of the container engines CRI-O and Podman when pulling a malicious image from a registry.
The two cybersecurity firms have joined together to form a single cloud identity security vendor, pooling their respective expertise and tools in the area of privileged access management (PAM).