Vulnerabilities/Threats

A gradual transition to a world beyond passwords predisposes zero-trust projects to success.

MediaTek systems-on-a-chip are embedded in more than one-third of smartphones and IoT devices around the world.

Standards need to reflect that most endpoints will be remote and/or wireless.

The new variants, improved for stealth and persistence, share code with other malware samples attributed to the C-23 APT.

The company seeks to hold Israeli firm NSO Group liable for the targeting of Apple users and requests a permanent injunction to ban its use of Apple products and services.

Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well.

The ancient Chinese military strategist Sun Tzu would agree: The best defense is to avoid an attack in the first place.

Each security step, no matter how small, can have great impact in detecting and deterring cyber theft.

The incident, which affected 1.2 million users, raises concerns about domain impersonation attacks and other malicious activities.

CISA and the FBI share steps organizations should take to better protect against security threats during holidays and weekends.

Are you asking the right questions when developing your incident response playbook? What security tasks are you willing to automate?

Zero trust isn't a silver bullet, but if implemented well it can help create a much more robust security defense.

Among other things, the pair pretended to be Proud Boys volunteers and sent in a fake video and emails to Republican lawmakers purporting to show Democratic Party attempts to subvert the 2020 presidential elections.

Security defenders can run these queries against Certificate Transparency logs to identify misconfigured SSL certificates before they can be used by adversaries to map out attacks.

Attackers also are deploying ProxyShell and abusing the vulnerabilities in stealthier manner, researchers say.