Technology

Most companies with small security teams face the same issues. They have inadequate budgets, inadequate staff, and inadequate skills to face today’s onslaught of sophisticated cyberthreats. Many of these companies turn to virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security

Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development. The internet giant’s Threat Analysis Group (TAG) said the adversary created a research blog and multiple profiles on various social media platforms such as Twitter,

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. “This malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app,” ESET researcher Lukas

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the servers, providing the ability to convert a

Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about others’ penetration testing experiences, identifying trends, and the role they play in

More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a “remotely exploitable” flaw found in a vulnerable component bound to the network stack, although exact

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers end-to-end

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA)

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims’ devices by simply sending them a malicious e-book. Dubbed “KindleDrip,” the exploit chain takes advantage of a feature called “Send to Kindle” to send a malware-laced document to a Kindle device that,

Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like “flex work” and “WFH” were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the defacto way people work nowadays. Today, digital-based work interactions take the place of in-person ones