Poor permission controls and user input validation are endemic to the platforms that protect Americans’ legal, medical, and voter data.
Author: Nate Nelson, Contributing Writer
Overtaxed State CISOs Struggle With Budgeting, Staffing
CISOs for US states face the same kinds of challenges those at private companies do: lots of work to handle, but not necessarily enough money or people to handle it sufficiently well.
Novel Exploit Chain Enables Windows UAC Bypass
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it’s not really a vulnerability.
Transport, Logistics Orgs Hit by Stealthy Phishing Gambit
Companies in this industry vertical tend toward large financial transactions with partners, suppliers, and customers.
‘SloppyLemming’ APT Abuses Cloudflare Service in Pakistan Attacks
Who needs advanced malware when you can take advantage of a bunch of OSS tools and free cloud services to compromise your target?
Kansas Water Plant Pivots to Analog After Cyber Event
A water treatment facility in a small city took serious precautions to prevent any bad outcomes from a hazy cyber incident.
Meet UNC1860: Iran’s Low-Key Access Broker for State Hackers
The group has used more than 30 custom tools to target high-value government and telecommunications organizations on behalf of Iranian intelligence services, researchers say.
Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware
A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.
Vice Society Pivots to Inc Ransomware in Healthcare Attack
Inc ransomware — one of the most popular among cybercriminals today — meets healthcare, the industry sector most targeted by RaaS.
Phishing Espionage Attack Targets US-Taiwan Defense Conference
Hackers sent a convincing lure document, but after 20 years of similar attacks, the target organization was well prepared.