Vulnerability ManagementUbuntu affected by 10-year-old flaws in needrestart packageLaura FrenchNovember 20, 2024The five vulnerabilities could lead to local privilege escalation without user interaction.
RansomwareRussian women stepping up for cybercrime outfitsShaun NicholsNovember 20, 2024Women are increasingly taking on top roles within Russian-speaking threat actor groups.
Data SecurityFBI and CISA warn of continued cyberattacks on US telecomsSteve ZurierNovember 20, 2024China’s campaign against U.S. telecoms has been ongoing for years.
IdentitySemperis HIP conference tries to diagnose healthcare cybersecurityPaul WagenseilNovember 19, 2024Identity protection in healthcare was a dominant theme at last week’s Semperis HIP conference, with many participants offering guidance on how to improve medical cybersecurity.
Critical Infrastructure SecurityCISA Dir. Jen Easterly to step down Jan. 20: Security community reactsLaura FrenchNovember 19, 2024Easterly has led the agency since July 2021 and was instrumental in driving the Secure by Design initiative.
RansomwareHelldown ransomware evolves to target VMware systems via LinuxSteve ZurierNovember 19, 2024Security pros say Helldown aims for maximum impact by targeting VMware systems.
Cybersecurity daily newsRed red team team: Threat actors hire pentesters to test out ransomware effectivenessShaun NicholsNovember 19, 2024Threat actors are hiring freelance pentesters to improve the effectiveness of their ransomware attacks
RansomwareUpstart SafePay ransomware group uses LockBit builder, claims 22 victimsLaura FrenchNovember 18, 2024Huntress researchers describe two SafePay ransomware incidents resulting in file encryption and exfiltration.
Network SecurityPalo Alto sounds alarm over PAN-OS zero-day attacksShaun NicholsNovember 18, 2024Palo Alto Networks says that customer devices could be under threat from an actively-targeted critical security flaw
PhishingOne in five DocuSign spoofs targeting businesses found to be impersonations of regulatory agenciesSteve ZurierNovember 18, 2024Spoofs from government agencies target businesses that regularly run DocuSign transactions with U.S. state, municipal and licensing authorities.
KnowBe4 named as first member of CRC Trusted Partner Program, leading the way in security culture to mitigate ransomwareDustin SachsNovember 19, 2024