With a recession potentially coming, some companies are cutting security teams. But moving more infrastructure to the cloud and reducing the number of vendors through consolidation may be the...
Read moreGoogle WordPress Plug-in Bug Allows AWS Metadata Theft
December 22 2022A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run...
Read more‘Sextortion,’ Business Disruption, and a Massive Attack: What Could Be in Store for 2023
December 22 2022Our growing interconnectedness poses almost as many challenges as it does benefits.
Read moreThreat Modeling in the Age of OpenAI’s Chatbot
December 22 2022New technical chatbot capabilities raise the promise that their help in threat modeling could free humans for more interesting work.
Read moreZerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal
December 22 2022Threat actors continue to evolve the malicious botnet, which has also added a list of new vulnerabilities it can use to target devices.
Read moreCritical Microsoft Code-Execution Vulnerability
December 22 2022A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was (and is):
Like EternalBlue, CVE-2022-37958, as the latest...
Read more
Supply Chain Risks Got You Down? Keep Calm and Get Strategic!
December 22 2022Security leaders must maintain an effective cybersecurity strategy to help filter some of the noise on new vulnerabilities.
Read moreRansomware Attackers Bypass Microsoft’s ProxyNotShell Mitigations With Fresh Exploit
December 22 2022The Play ransomware group was spotted exploiting another little-known SSRF bug to trigger RCE on affected Exchange servers.
Read more
Recent Comments