The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they're material incidents.
FBI tells public to ignore false claims of hacked voter data
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks.
Fortinet confirms data breach after hacker claims to steal 440GB of files
Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft SharePoint server.
Fake password manager coding test used to hack Python developers
Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware.
Adobe fixes Acrobat Reader zero-day with public PoC exploit
A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit.
Microsoft to start force-upgrading Windows 22H2 systems next month
Microsoft announced that Windows 11 installs reaching the end of support next month, on October 8, will be force-upgraded to Windows 11 23H2.
Microsoft Office 2024 to disable ActiveX controls by default
After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps.
SonicWall SSLVPN access control flaw is now exploited in attacks
SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible.
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.
Understanding the Difference Between Cybersecurity and Cybersecurity Risk
In today's digital age, the terms "cybersecurity" and "cybersecurity risk" are often used interchangeably. However, they represent different concepts that are crucial for understanding how to protect information systems effectively. Let's delve into what these terms mean and how they relate to each other.
PoorTry Windows driver evolves into a full-featured EDR wiper
The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder.
786 Hits
The All-In-One Security (AIOS) WordPress security plugin, used by over a million WordPress sites, was found to be logging plaintext passwords from user login attempts to the site's database, putting account security at risk.
846 Hits
The website is pretty swift, considering there's just a 39-year-old IBM PCjr behind it.
Behind the simple but not-unappealing website of Brutman Labs, there are some surprising features and statistics. In a recent update posted to the site, it was revealed that the server behind the web destination has run for an impressive "2,500 hours of continuous runtime." However, probably far more eyebrow-raising is the fact that the web server is a 39-year-old IBM PCjr that's packing a 4.77 MHz CPU.
1300 Hits
Generative AI is transforming the way we work, but fears that it will destroy the economy are overblown.
Artificial intelligence will augment work and could add more opportunities to the job market rather than tank it, according to tech executive Gali Arnon. While some fear that AI will erase huge numbers of roles, Arnon argues that AI will accelerate the pace of job creation, augment work, and accelerate startup opportunities.
986 Hits
Google is fighting back against the constant invasion of malware on Google Play by requiring all new developer accounts registering as an organization to provide a valid D-U-N-S number before submitting apps.
833 Hits