darkreading

Though Cisco reports of no known malicious exploitation attempts, but thanks to a CVSS 10 out of 10 security vulnerability (CVE-2024-20418) three of its wireless access points are vulnerable to remote, unauthenticated cyberattacks.

The malware combines a miner and data stealer, and it packs functions that make detection and mitigation a challenge.

While training and credentialing organizations continue to talk about a "gap" in skilled cybersecurity workers, demand — especially for entry-level workers — has plateaued, spurring criticism of the latest rosy stats that seem to support a hot market for qualified cyber pros.

It's unclear what the threat actors have against this particular breed of cat, but it's taking down the kitty's enthusiasts with SEO-poisoned links and malware payloads.

Establishing realistic, practitioner-driven processes prevents employee burnout, standardizes experiences, and closes many of the gaps exposed by repeated one-offs.

The company comes out of stealth with a tool that integrates directly into the developer's IDE to find flaws, offer remediation advice, and training materials to write secure code.

Attackers are triggering victims' deep-seated fear of getting in trouble in order to spread the sophisticated stealer across continents.

Campaigns like Silver Fox and Void Arachne are deploying the framework, using social media and messaging platforms to lure in victims.

Google Cloud will take a phased approach to make multifactor authentication mandatory for all users.

The draft amendment also includes prison time for those who access systems to maliciously spy or intercept data.

SANS's "2024 State of ICS.OT Cybersecurity report" highlights the most common types of attack vectors used against ICT/OT networks.

Interpol disrupts 22,000 malicious IP addresses, 59 servers, 43 electronic devices, and arrests 41 suspected cybercriminals.

Omdia Principal Analyst Hollie Hennessy says that until a promising new set of regulations around the world comes online, connected device security entails a shared responsibility among consumers, enterprises, and manufacturers.

The mobile device maker continues to investigate IntelBroker's claims of another high-profile data breach, with the cybercriminal group posting on BreachForums internal data allegedly stolen from Nokia through a third-party contractor.

In a time of increasingly sophisticated cross-domain attacks, relying solely on automated solutions isn't enough.

When it comes to landing a job in cybersecurity, what does it take to stand out from the pack? Try playing games.

The suspect, tracked as UNC5537, allegedly bragged about hacking several Snowflake victims on Telegram, drawing attention to himself.

The CRON#TRAP campaign involves a novel technique for executing malicious commands on a compromised system.

Chinese-speaking adversaries are using a fresh Android banking Trojan to take over devices and initiate fraudulent money transfers from financial institutions across Latin America, Italy, Portugal, and Spain.

The cybercriminal group holding the stolen information is demanding the vendor admit to the breach and pay up.