Lessons From OSC&R on Protecting the Software Supply Chain
A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much…
CISA warns of more Palo Alto Networks bugs exploited in attacks
CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited…
Microsoft patches Windows zero-day exploited in attacks on Ukraine
Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities.…
Critical bug in EoL D-Link NAS devices now exploited in attacks
Attackers now target a critical severity vulnerability with publicly available exploit code that affects multiple models of end-of-life D-Link network-attached…
Microsoft Patch Tuesday, November 2024 Edition
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's…
Microsoft Exchange adds warning to emails abusing spoofing flaw
Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make…
D-Link won’t fix critical bug in 60,000 exposed EoL modems
Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that…
The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance
by Gary S. Miliefsky, CISSP, fmDHS I came up with this model to simplify cybersecurity, resiliency and regulatory compliance for…
Amazon confirms employee data breach after vendor hack
Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked…
AI & LLMs Show Promise in Squashing Software Bugs
Large language models (LLMs) can help app security firms find and fix software vulnerabilities. Malicious actors are on to them…