Автор: Nate Nelson, Contributing Writer

Threat detection tools yield too many false positives, security pros say, leading to burnout and resentment.

The average higher education institution is getting hit once a week now, and as one University of Oregon attack shows, the sector often lacks the resources to keep pace.

All across the Asia-Pacific region, large and diverse marketplaces for AI cybercrime tools have developed, with deepfakes proving most popular.

CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features.

It’s North Korea versus Cambodia, with Windows default settings and sheer patience allowing the bad guys to avoid easy detection.

Armed with a staggering arsenal of at least 20,000 different exploits for various Linux server misconfigurations, perfctl is everywhere, annoying, and tough to get rid of.

Poor permission controls and user input validation is endemic to the platforms that protect Americans’ legal, medical, and voter data.

CISOs for US states face the same kinds of challenges those at private companies do: lots of work to handle, but not necessarily enough money or people to handle it sufficiently well.

Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it’s not really a vulnerability.

Companies in this industry vertical tend toward large financial transactions with partners, suppliers, and customers.