The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.

read more

Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit,

U.S. President Joe Biden this week signed a memorandum on boosting the cybersecurity of National Security, Department of Defense, and Intelligence Community Systems.

read more

SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks’ internal devices.

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an " input validation vulnerability that could allow attackers to build a query given some input and send that

Among them: Explainable artificial intelligence (XAI) will improve the ways humans and AI interact, plus expect a shift in how organizations fight ransomware.

Oracle on Tuesday announced its first set of quarterly security updates for 2022, which include a total of 497 new patches. More than half of the addressed vulnerabilities can be exploited remotely without authentication.

read more

CISA Warns Organizations of 'Critical Threats' Following Ukraine Attacks

read more

The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding the breaches also exploited the

It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.

Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.

Zoho Corp on Monday said it has released patches for a critical vulnerability affecting Desktop Central and Desktop Central MSP, the endpoint management solutions from ManageEngine.

read more