Microsoft has confirmed that Windows is affected by a zero-day vulnerability after researchers warned of exploitation in the wild. The security hole, now tracked as CVE-2022-30190, came to light after a researcher who uses the online moniker “nao_sec” reported finding a malicious Word file designed to execute arbitrary PowerShell code. The file was uploaded to VirusTotal from […]

Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don’t mitigate these risks are vulnerable to attack. In this article, we outline how containers contributed to agile development, which unique security risks containers bring into the picture – and […]

On April 20, the security agencies that comprise the Five Eyes intelligence alliance from countries including the U.S., Australia, Canada, New Zealand, and the United Kingdom, released a joint Cybersecurity Advisory (CSA) warning of imminent and serious threats to critical infrastructure in countries that have sanctioned Russia or otherwise supported the Ukraine. Cybercrime groups have […]

The National Institute of Standards and Technology (NIST) has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. “[Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (C-SCRM)] encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but […]

The United States House of Representatives has passed a bill that would change how cybercrime is tracked, measured and reported by the federal government. The Better Cybercrime Metrics Act (S.2629), authored by US senator Brian Schatz, was approved by the House in a bipartisan 377-48 vote on Tuesday. Once signed into law, the bill will […]