
All Articles

2349 articles:

GitHub Fixes Bug That Could Have Routed Authenticated Sessions to Other Users

GitHub has patched a flaw in a backend system that in rare cases could have routed one user's authenticated session to another user's browser.

Software Security

Microsoft Fixes IE 0-Day Used in Attacks on Researchers

Microsoft has patched a zero day in Internet Explorer and Edge that was used in attacks against security researchers.

Microsoft

Attacks on Exchange Servers Spread

The Exchange server flaws disclosed last week are being exploited by multiple threat actors, who are targeting a wide range of companies.

Microsoft

‘The Whole World is Built on Software’

Mike Hanley, the new GitHub CSO, sees myriad opportunities to have a positive influence on software security.

Software Development

Exchange Attacks Hitting Broad Range of Organizations

Attackers are using the four Microsoft Exchange zero days to target organizations from SMBs to government agencies and banks.

Microsoft

Hafnium Attack Group Exploiting Four Exchange Zero Days

A Chinese attack group called Hafnium has exploited four zero days in Microsoft Exchange to steal data from inboxes and take control of compromised servers.

Microsoft, China

ObliqueRAT Delivered Via Rigged Image Files

The ObliqueRAT malware is now being delivered through malicious image files hosted on compromised websites.

Malware

Attackers Continue to Target Accellion FTA Flaws

Attackers are exploiting four vulnerabilities in the Accellion File Transfer Appliance, weeks after patches were released.

CISA, Vulnerability

SolarWinds Hack Leads to Calls for Confidential Data Sharing

Confidential threat intelligence sharing could help prevent the next large-scale intrusions, tech executives say.

SolarWinds, Government

Visibility, Cooperation Needed to Counter ICS Threats

Better visibility into ICS environments and increased cooperation between the private sector and government are key to defeating emerging threat actors.

ICS Security, Government

Mystery Silver Sparrow Malware Targets Macs

The Silver Sparrow malware is targeting Macs, including those with the M1 chip, but is not delivering a payload.

macOS, Apple

RDP Is Still Vulnerable, Remains Popular Target

Recent ESET research shows a staggering increase in the number of attacks against Remote Desktop Protocol in 2020--a clear sign of how effective the method is when breaching networks and compromising machines.

RDP

SolarWinds Attackers Downloaded Some Microsoft Source Code Components

Microsoft said the SolarWinds hackers were able to view and download some source code components for Azure, Exchange, and Intune.

SolarWinds, Microsoft

White House Promises Cybersecurity Action, SolarWinds Response

The White House promised to make cybersecurity a top priority. In its first month, it has begun responding to the massive SolarWinds hack and has appointed to the Biden Administration several people with national security experience who have also previously worked on cybersecurity issues.

Government

New DNS Abuse Institute Tackles Malicious Activity

The Public Interest Registry launched the DNS Abuse Institute to coordinate efforts by domain registrars and internet registries to stomp out abuses of the domain name system.

DNS, Internet