CVSS 4.0 Offers Significantly More Patching Context
The latest vulnerability severity scoring system addresses gaps in the previous version; here's how to get the most out of…
November 2023
North Korea’s BlueNoroff APT Debuts ‘Dumbed Down’ macOS Malware
Kim Jong-Un's hackers are scraping the bottom of the barrel, using script kiddie-grade malware to steal devalued digital assets.
Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable
Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Servers ratchets up risk to enterprises, now reflected in the…
Crafting an AI Policy That Safeguards Data Without Stifling Productivity
Companies must recognize AI's utility, while setting clear boundaries to curtail unsafe utilization.
Iran-Linked Agrius APT Group Targets Israeli Education, Tech Sectors
The attackers also use custom wipers to cover their tracks and bypass EDR.
Identity Alone Won’t Save Us: The TSA Paradigm and MGM’s Hack
To combat sophisticated threats, we need to improve how we approach authorization and access controls.
Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule
Mandiant/Google Cloud's Jill C. Tyson offers up timelines, checklists, and other guidance around enterprisewide readiness to ensure compliance with the…
Kinsing Cyberattackers Debut ‘Looney Tunables’ Cloud Exploits
Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials.
Gootloader Aims Malicious, Custom Bot Army at Enterprise Networks
Previously limited to initial access brokering, the Gootloader group has pivoted to a nasty post-compromise "GootBot" attack, each implant with…
Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams
With AI and publicly available data, cybercriminals have the resources they need to fake a real-life kidnapping and make you…