Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

March security updates include 115 CVEs patching everything from Windows, Office and Microsoft’s new Chromium-based Edge web browser.

Bugs affecting programmable logic controllers (PLC) and physical access-control systems for facilities are rated 9.8 in severity.

The two people who tested positive for COVID-19 may have been at the company's booth at RSA, which drew over 36,000 people to San Francisco in February.

82% of women in cybersecurity jobs agree the industry has a gender bias problem. Fixing it would not only improve morale and confidence, but also result in an economic boost to the cybersecurity industry.

Brave is testing a new defence against fingerprinting: confusing algorithms by randomising some of the data they collect.

The US is expected to press for a retrial in the high-stakes trial of Joshua Schulte, suspected of raiding the CIA’s cyber arsenal.

Started around 2013, the site claims to host over 24,000 active shops doing brisk business in stolen PII and hacking services.

The tech giant will take control of the U.S.-based infrastructure used by the criminals behind the world’s most prolific botnet used to distribute malware and infect victim computers.

A Deloitte survey about ransomware also recommends that local governments use air-gapped system backups.

The Ultimate Security Budget Plan & Track Excel template provides security executives with a clear and intuitive tool to keep track of planned vs. actual spend.

As Magecart and formjacking attacks become more sophisticated, it's essential to address not only what services may interact with users, but what that interaction looks like and how to control it.

A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.

Some 84% of phishing URLs seen by content delivery network Akamai were abusing media and e-commerce companies.

In an interview at RSA 2020, Greg Young, the vice present of cybersecurity at Trend Micro, said that companies need to focus on cloud security posture management to make sure all cloud instances are configured correctly and securely.

A Trend Micro report finds that spammers are using public and hosted cloud infrastructure to slip malicious emails past security defenses.

A new TrickBot variant shows that the malware is continuing to swap out new anti-analysis and persistence tactics.

Listen to the latest episode now!

Visibility into phishing attacks by content delivery networks and security firms shows many domains fail to be classified as malicious.

CVE-2020-0796 affects version 3.1.1 of Microsoft’s SMB file-sharing system and was not included in Patch Tuesday, but patched the following day.