Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked as CVE-2023-36884 that threat actors have...
Microsoft’s Visual Studio Code (VS Code) code editor and development environment contains a flaw that allows malicious extensions to retrieve authentication tokens stored in Windows, Linux,...
EvilProxy is becoming one of the more popular phishing platforms to target MFA-protected accounts, with researchers seeing 120,000 phishing emails sent to over a hundred organizations...
SAP has released patches for 16 vulnerabilities with Critical, High, Medium, and Low severities. The CVSS scores for these vulnerabilities are between 3.7 (Low) to 9.8...
The top 5 security vulnerabilities for 2023 have been revealed by a recent study, with Apache and OpenSSH services being the most vulnerable. MOVEit and Barracuda Networks’ attacks...
On August 8, 2023, Crowdstrike announced its new counter operations, “CrowdStrike Falcon Intelligence” and the CrowdStrike® Falcon OverWatch” to detect and disrupt advanced cyber adversaries. A new...
Phantom Speculation and Training in Transient Execution are two novel techniques that have been identified to leak arbitrary information from all modern CPUs. A new technique...
Daniel “Rags” Ragsdale is joining the White House Office of the National Cyber Director, following work in the private sector, Defense Department and cyber research space....
The National Institute of Standards and Technology is seeking public feedback on its revamped Cybersecurity Framework, which includes guidance on operationalizing cyber best practices. The National...
Average response time accelerated from 29 to 19 days, from 2021 to 2022, with lessons from Log4j and other high-profile vulnerabilities having a significant impact on urgency levels,...