DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails.

Scientists for the Pentagon’s far-out research branch, DARPA, weren’t sure that anyone would be able to collect the $50,000 prize when they announced their Shredder Challenge to find ways to ...

August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild. Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being ...

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. A recently surfaced 84-page ...

The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more. Cyberattackers are targeting uninterruptible power supply (UPS) devices, which ...

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver. The popular protocol for radio controlled (RC) aircraft ...

Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al.

While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks.

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. A China-based threat actor has ramped up efforts ...

The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data. A U.K. water supplier suffered a disruption in its ...

Here’s what cybersecurity watchers want infosec pros to know heading into 2022. No one could have predicted the sheer chaos the cybersecurity industry would experience over the course of 2021.

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack. Google has patched the fifth actively exploited ...