SecurityWeek

The US government says Russia’s APT28 group compromised Ubiquiti EdgeRouters to run cyberespionage operations worldwide.

When evaluating XDR, consider its value based on its ability to reduce complexity and improve threat detection and response times.

Chinese threat actors target Ivanti VPN appliances with new malware designed to persist system upgrades.

Intel announces new and improved security features with the latest vPro platform and Core Ultra processors.

White House calls for the “timely, complete, and consistent” publication of CVE and CWE data to help solve the security metrics problem.

The Black Basta and Bl00dy ransomware gangs have started exploiting two vulnerabilities in ConnectWise ScreenConnect.

The US government makes a $45 million investment in 16 projects to improve cybersecurity across the energy sector.

8,800 domains, many once owned by major companies, have been abused to get millions of emails past spam filters as part of SubdoMailing campaign.

Quantum computers are coming, and will defeat current PKE encryption. But this cryptopocalypse is not dependent upon quantum computers — it could happen through other means, at any time.

U-Haul says customer information was compromised in a data breach involving a reservation tracking system.

The best Red Team engagements are a balanced mix of technology, tools and human operators.

Canadian authorities are actively investigating cyberattacks impacting the RCMP network and Global Affairs Canada.

NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.

US government and allies expose TTPs used by notorious Russian hacking teams and warn of the targeting of dormant cloud accounts.

AI will allow attackers to improve their attacks, and defenders to improve their defense. Over time, little will change — but the battle will be more intense.

Taiwanese networking vendor Zyxel confirms security flaws in firewall and access points put users at risk of remote code execution attacks.

Open source is a great way to test the waters and define requirements. But when looking at putting a platform into production, an enterprise-ready solution will ensure you can keep up with business demands.

The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin.

UnitedHealth Group is blaming a state-sponsored threat actor for a disruptive cyberattack on its subsidiary Change Healthcare.

Lending firm LoanDepot said the personal information of 16.9 million people was stolen in a ransomware attack in early January.