SecurityWeek

Microsoft informed administrators on Monday that Application Guard for Office, a feature designed to protect users against malicious documents, is now available in public preview.

Organizations Must Establish a Culture of Resilience With Strategies That Are Independent, Measurable and Usable

Recently addressed Microsoft Azure Sphere vulnerabilities could lead to the execution of arbitrary code or to elevation of privileges, Cisco Talos’ researchers warn.

Software-as-a-Service (SaaS) security platform provider ReliaQuest announced on Tuesday that it has raised more than $300 million in a growth funding round led by global investment company KKR.

A researcher has disclosed the details of an unpatched vulnerability in Apple’s Safari web browser that can be exploited to steal files from a targeted user’s system.

The U.S. military’s top cyber official is defending the government’s shift toward a more aggressive strategy in cyberspace, saying the mission has evolved over the last decade from “a reactive and defensive posture” to keep pace with sophisticated threats.

A hack-for-hire group has been targeting organizations in the financial sector since 2012, for cyber-espionage purposes, Kaspersky’s security researchers reveal.

The owners and administrators of e-commerce websites powered by WordPress and the WooCommerce platform have been warned of attacks exploiting vulnerabilities discovered recently by researchers in a discounts plugin.

Palo Alto Networks (NYSE: PANW) announced on Monday that it has agreed to acquire incident response and digital forensics consulting firm The Crypsis Group.

Video app TikTok said on Monday it had filed a lawsuit challenging the US government's crackdown on the popular Chinese-owned platform, which Washington accuses of being a national security threat

Researchers at developer security company Snyk claim to have identified malicious behavior in an advertising SDK that is present in more than 1,200 iOS applications offered in the Apple App Store.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert to warn of a voice phishing (vishing) campaign targeting the employees of multiple organizations.

Freepik Company, the organization behind the Freepik and Flaticon websites, has disclosed a data breach that impacted approximately 8.3 million of their users.

Video app TikTok said Saturday it will challenge in court a Trump administration crackdown on the popular Chinese-owned platform, which Washington accuses of being a national security threat.

Attorney General William Barr said he would be “vehemently opposed” to any attempt to pardon former National Security Agency contractor Edward Snowden, after the president suggested he might consider it.

Recent Dharma ransomware attacks show that more Iranian hackers have started to engage in financially-motivated operations, threat hunting firm Group-IB reports.

Trend Micro’s Zero Day Initiative (ZDI) this week celebrated its 15-year anniversary and the company has shared some “crazy” and “odd” stories with SecurityWeek.

Microsoft this week announced that the Transport Layer Security (TLS) 1.3 protocol is now enabled by default in Windows 10 Insider Preview builds, and that it will be rolled out to all Windows 10 systems.

Adobe has made available in open source a tool designed to identify randomly generated strings in any plain text.Dubbed Stringlifier, the tool was written in Python and leverages machine learning to differentiate random character sequences from normal text sequences.

Mozilla announced on Thursday that it has expanded its bug bounty program with a new category that focuses on bypass methods for the exploit mitigations, security features and defense-in-depth measures in Firefox.