The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers. A communications and IT vendor for 90 percent of the world’s airlines, ...

The attacker who penetrated the Dutch CA DigiNotar last year had complete control of all eight of the company’s certificate-issuing servers during the operation and he may also have issued some rogue ...

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. After a recent dip, ransomware attacks are back on the rise. According to data released by ...

A fired Stradis Healthcare employee sought revenge by tampering with shipping data for desperately needed healthcare PPE. The FBI has announced that Christopher Dobbins pleaded guilty and was ...

August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild. Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being ...

An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what’s vulnerable, what an attack looks like and to how to ...

Mobile transactions could’ve been disabled, created and signed by attackers. Smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, reported it has patched a ...

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. New research indicates that over 80,000 Hikvision surveillance cameras in ...

Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al.

Citizen Lab uncovers multi-year campaign targeting autonomous region of Spain, called Catalonia. An unknown zero-click exploit in Apple’s iMessage was used by Israeli-based NSO Group to plant either ...

An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks. Microsoft has suspended 18 Azure Active ...

A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren’t connected to the internet. Disconnecting devices from the internet is no longer a solid plan for protecting ...