White Papers | Cybersecurity News, Insights and Analysis

Hacktivist Attacks Show Ease of Hacking Industrial Control Systems

LATEST SECURITY NEWS HEADLINES

Canon Medical Product Vulnerabilities Expose Patient Information

What's Going on With Cybersecurity VC Investments?

CISA Issues Guidance on Transitioning to TLP 2.0

DoD Announces Final Results of 'Hack US' Bug Bounty Program

Microsoft Confirms Exploitation of Two Exchange Server Zero-Days

NEWS & INDUSTRY UPDATES

Google Says NSO Pegasus Zero-Click 'Most Technically Sophisticated Exploit Ever Seen'

Security researchers at Google’s Project Zero picks apart the notorious FORCEDENTRY iPhone exploit and finds a never-before-seen hacking roadmap for which there is no defense. [Read More]

Microsoft Spots Multiple Nation-State APTs Exploiting Log4j Flaw

Redmond's Threat Intelligence Center (MSTIC) expressly identified nation-state backed hacking teams from China, Iran, North Korea, and Turkey as the adversaries exploiting the flaw. [Read More]

GitHub Confirms Another Major NPM Security Defect

Microsoft-owned GitHub warns that a pair of newly discovered vulnerabilities continue to expose the soft underbelly of the open-source software supply chain. [Read More]

Nation-State APT Targets Afghans With New Toolset

Symantec is warning about a threat actor targeting multiple entities in South Asia, with a focus on Afghanistan - for data theft and cyberespionage. [Read More]

Google Helps OSTIF Boost Security of Open Source Projects

Google announced plans to support the Open Source Technology Improvement Fund in launching its Managed Audit Program to review critical open source projects. [Read More]

Google Warns of Exploited Zero-Days in Chrome Browser

Google joins Apple and Microsoft in warning about zero-day flaws being exploited in the wild. This time the target is the popular Google Chrome browser. [Read More]

Trend Micro Confirms In-the-Wild Zero-Day Attacks

Security vendor Trend Micro has issued a warning for in-the-wild zero-day attacks hitting customers using its Apex One and Apex One as a Service products. [Read More]

Did Microsoft Botch the PrintNightmare Patch?

Microsoft insists the latest Windows Print Spooler security update works as intended but researchers show code execution demos if certain capabilities are enabled. [Read More]

AWS Acquires Encrypted Communications Service Wickr

Amazon's AWS subsidiary has snapped up Wickr, a late-stage provider of encrypted communications technology. [Read More]

Apple: WebKit Bugs Exploited to Hack Older iPhones

Apple ships an out-of-band iOS update for older iPhones and iPads alongside a warning that a pair of WebKit security vulnerabilities may have been actively exploited. [Read More]