Microsoft, Adobe Exploits Top List of Crooks’ Wish List
You can’t possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market.
Vulnerabilities
Magecart Goes Server-Side in Latest Tactics Changeup
The latest Magecart iteration is finding success with a new PHP web shell skimmer.
CISOs Struggle to Cope with Mounting Job Stress
Pandemic and evolving IT demands are having a major, negative impact on CISOs’ mental health, a survey found.
A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor.
The DBIR – Verizon’s 2021 data breach report – shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers.
Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting.
According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key.
An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships.
The ‘Send My’ exploit can use Apple’s locator service to collect and send information from nearby devices for later upload to iCloud servers.
Paper ballots and source-code transparency are recommended to improve election security.
InfoSec Insider
-
Beyond MFA: Rethinking the Authentication Key
-
Shifting Threats in a Changed World: Edge, IoT and Vaccine Fraud
-
Sneakers, Gaming, Nvidia Cards: Retailers Can Stop Shopping Bots
-
A Tale of Two Hacks: From SolarWinds to Microsoft Exchange
-
Smishing: Why Text-Based Phishing Should Be on Every CISO’s Radar