Microsoft fixes MoTW zero-day used to drop malware via ISO files
Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files,…
U.S. govt employees exposed to mobile attacks from outdated Android, iOS
Roughly half of all Android-based mobile phones used by state and local government employees are running outdated versions of the…
The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical
Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic,…
IoT Fingerprinting Helps Authenticate and Secure All Those Devices
For organizations struggling to protect a rapidly expanding volume of IoT devices, IoT fingerprinting could help with security and management.
Passkey Demos Hint at What’s Ahead for Passwordless Authentication
At the Authenticate Conference, Google and Microsoft demonstrated their passkey prototypes. Apple, meanwhile, already launched its version in iOS 16.
HP Launches Sure Access Enterprise to Protect High Value Data and Systems
HP enhances HP Wolf Security portfolio to stop attackers hijacking privileged access to sensitive data.
Using Identity for Access Is a Huge Cybersecurity Risk
Why FIDO’s proposal to use identification for cyber access opens more security vulnerabilities for threat actors to exploit […] The…
Malware dev claims to sell new BlackLotus Windows UEFI bootkit
A threat actor is selling on hacking forums what they claim to be a new UEFI bootkit named BlackLotus, a malicious tool with…
Apple’s Constant Battles Against Zero-Day Exploits
Such exploits sell for up to $10 million, making them the single most valuable commodity in the cybercrime underworld.
Critical VM2 flaw lets attackers run code outside the sandbox
Researchers are warning of a critical remote code execution flaw in 'vm2', a JavaScript sandbox library downloaded over 16 million…