Cyber Security News:
Phishing Attacks for Initial Access Surged 54% in Q1
MITRE Creates Framework for Supply Chain Security
The Cybersecurity Infrastructure and Security Agency (CISA) has issued a warning about active exploits against unpatched F5 Network’s BIG-IP systems.
Microsoft Security Intelligence this week tweeted a warning about an attack campaign targeting SQL servers and using a new approach to evade PowerShell monitoring.
Researchers have demonstrated iPhone malware that works even when the phone is fully shut down.
A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.
Creating a company culture for security may need to start by tearing down an anti-security culture.
Most local leaders lack cybersecurity resources, so they don’t know where their weaknesses are and which areas threat actors are most likely to target, with little focus or understanding of risk.
CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the Russian SVR, and a blueprint for future attacks.
Even with dedicated identity management tools at their disposal, many companies — smaller ones especially — are sticking with email and spreadsheets for handling permissions.
Just one day after disclosure, cyber attackers are actively going after the command-injection/code-execution vulnerability in Zyxel’s gear.