The Australian Cyber Security Center has issued an alert about a critical vulnerability in a Zoho Corp. password management service that could enable a threat actor to take control of the targeted host. The company has issued a security patch.
It is more important than ever to make applications robust and secure, but traditional application security has not kept pace with the demands of development and deployment. More needs to be done, and as early in the software development lifecycle as possible.
The Checkmarx portfolio of products includes SAST, SCA,...
The U.S. Federal Reserve said Wednesday it is continuing to evaluate the creation of a central bank digital currency, or CBDC, and that it intends to publish research on the subject shortly, according to Chair Jerome Powell.
U.S. FBI and Department of Homeland Security leaders fielded several cybersecurity questions from House lawmakers Wednesday, particularly around the surge in ransomware attacks, diplomatic efforts to curb ransomware's financial model, and the nation-states that harbor cybercriminals.
Researcher Bob Diachenko has discovered an unsecured database containing personal information of 106 million foreign nationals who have visited Thailand in the past decade. The 200GB database, which has now been secured, has not been accessed by unauthorized personnel, Thai authorities say.
Researchers have found a zero-day vulnerability in U.K. broadband and cable TV provider Virgin Media’s Super Hub 3 routers that enables an attacker to unmask IP addresses of VPN users. But a Virgin Media spokesperson says the risk of that happening is "very low."
U.S.-based cryptocurrency exchange Coinbase has contracted with the U.S. Department of Homeland Security to provide its blockchain monitoring software, according to government tracking sites. The exchange also withdrew plans to launch a crypto lending program amid tensions with the SEC.
In the latest security incident involving a decentralized finance protocol, cross-chain project pNetwork announced Sunday it had been hacked for 277 pBTC, a form of wrapped bitcoin, with losses worth over $12 million at current value.
Earlier this month, McAfee Enterprise's Advanced Threat Research team, working with McAfee's Professional Services IR team, reported that an APT campaign dubbed Operation Harvest had been in operation for years. Their analysis provides insight into the group's tools, tactics and techniques.
While there is no dearth of talent among Indian bug bounty hunters, hurdles such as lack of trust, payment disputes, cost, unethical practices and lack of regulatory laws deter the growth of bug bounty programs in the country, according to some experts.
The Mirai botnet is actively exploiting the known vulnerability CVE-2021-38647, which is part of a quartet of vulnerabilities dubbed OMIGOD, in Microsoft's Azure Linux Open Management Infrastructure framework, according to Kevin Beaumont, head of the security operations center for Arcadia Group.
Cisco Talos researchers have connected a previously discovered series of aviation industry attacks stretching back more than three years to a Nigeria-based attacker. The attacker sold the stolen information on the darknet, the researchers say.
CISA, the FBI and the U.S. Coast Guard Cyber Command warn users of Zoho Corp.'s single sign-on and password management tool to patch for a vulnerability that nation-state groups may look to exploit. Attackers could use the bug to compromise credentials and exfiltrate data from Active Directory.
Amid growing calls for cryptocurrency regulations, the U.S. acting comptroller of the currency has made a definitive statement on safeguarding investors and how cryptocurrency should intersect with traditional financial institutions.