The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.
New research demonstrates the use of thermal camera images of keyboards and screens in concert with AI to correctly guess computer passwords faster and more accurately.
Attackers could exploit the "Sandbreak" security bug, which has earned a 10 out of 10 on the CVSS scale, to execute a sandbox escape, achieve RCE, and run shell commands on a hosting machine.
Existing software security firms and new startups tackle the tasks of exposing dependencies and helping developers manage their use of open-source components.
Security teams have to protect an increasingly complex enterprise environment. Here are five elements of attack surface management they should consider.
An analysis of the malware and its infection strategies finds nearly 21,000 minor and 139 major variations on the malware — complexity that helps it dodge analysis.
Killnet calls on other groups to launch similar attacks against US civilian infrastructure, including marine terminals and logistics facilities, weather monitoring centers, and healthcare systems.
A CISO's responsibilities have evolved immensely in recent years, so their first three months on the job should look a different today than they might have several years ago.
About 1 in 5 phishing email messages reach workers' inboxes, as attackers get better at dodging Microsoft's platform defenses and defenders run into processing limitations.
A boom in artificial intelligence-powered detection and remediation tools pushes security spending to the top of the AI market, according to Forrester.
Some 400 mobile apps have posed as legitimate software on Google Play and the Apple App Store over the past year, and were designed to steal Facebook user credentials.
Current and former employees and members are being offered complimentary credit monitoring and
identity protection services as some personal information may have been accessed.
The group has been operating for over a year, promoting their tools in hacking forums, stealing credit card information, and using typosquatting techniques to target open source software flaws.
Test methodologies published today, and their scope includes security effectiveness, performance, stability and reliability, and total cost of ownership.
The malware-as-a-service group Eternity is selling a one-stop shop for various malware modules it's been distributing individually via a subscription model on Telegram.
Amid an economic downturn, cybersecurity staffing shortages, and endless cyberattacks, financially motivated attacks are the top concern among IT professionals.
Advanced attackers gained access to Microsoft Exchange services, conducted searches of email, and used an open source toolkit to collect data from the network for nearly a year.
Users and malicious actors interact with your business through the application layer. Build trust in your software by securing this first line of defense.
As threat actors' sophistication has grown dramatically in the last few years, organizations haven't kept up with implementing the necessary countermeasure controls.
Executives fear "malicious insiders" as top cyber threat to companies, research shows. Reasonable steps to secure and monitor systems may prevent reputational damage but are not enough.
A novel mobile malware found lurking behind a phone-spoofing app is being distributed via Telegram and a dedicated website, in a broad operation to monitor corporate victims.
Announcing its exposure management platform, Tenable joins other companies in offering ways — such as attack surface management — to look at business networks through the eyes of attackers.
Attackers are using the recently emerged browser-in-the-browser phishing technique to steal accounts from Valve's popular gaming platform, but it's a warning shot to businesses.