Equifax breach happened because of a missed patch
The attackers who breached Equifax managed to do so by exploiting a vulnerability in its US website, the company has finally confirmed. The vulnerability – CVE-2017-5638 …
Confusion and lack of preparation in the face of looming GDPR deadline
With the GDPR deadline set for 25 May next year, many organisations are ill-prepared due to uncertainty about the criteria for compliance. 37 percent of respondents to a …
European Commission wants ENISA to introduce EU-wide cybersecurity certification scheme
“Cyber security attacks know no borders and no one is immune,” European Commission President Jean-Claude Juncker noted in his State of the Union Speech on …
Managing the fragmented cloud world
Enterprise IT environments are becoming more heterogeneous and complex, with fragmentation permeating cloud infrastructure, tooling and culture. However, enterprises find …
Patch Tuesday: 80+ vulnerabilities fixed, one exploited in the wild
As part of its regular, monthly Patch Tuesday update, Microsoft has released patches for 81 new vulnerabilities, including a zero-day in the .NET Framework. The September …
Phishers targeting LinkedIn users via hijacked accounts
A new phishing campaign has been spotted hitting LinkedIn users via direct messages and the LinkedIn InMail feature. They are sent from legitimate LinkedIn Premium accounts …
Why end-to-end encryption is about more than just privacy
The question of whether regular people need end-to-end encryption will surely be debated for quite some time. But for Alan Duric, CEO and co-founder of Wire, the question can …
Billions of Bluetooth-enabled devices vulnerable to new airborne attacks
Eight zero-day vulnerabilities affecting the Android, Windows, Linux and iOS implementations of Bluetooth can be exploited by attackers to extract information from, execute …
Organizations are uncovering a cloud security paradox
The characteristics of modern applications in the cloud are changing, requiring software and IT architects to shift priorities. Businesses of all sizes are transforming in …
DOE invests $50 million to improve critical energy infrastructure security
Today, the Department of Energy (DOE) is announcing awards of up to $50 million to DOE’s National Laboratories to support early stage research and development of …
Google Dashboard becomes mobile-friendly
Google Dashboard, a privacy tool through which users can see what Google has learned about them through their use of the company’s products, has been redesigned. …
Equifax attackers got in through an Apache Struts flaw?
Have the attackers responsible for the Equifax data breach exploited a vulnerability in Apache Struts, a popular open source framework for developing web applications, to …
Featured news
Resources
Don't miss
- Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)
- 18 arrested in €300 million global credit card fraud scheme
- PortGPT: How researchers taught an AI to backport security patches automatically
- AI can flag the risk, but only humans can close the loop
- VulnRisk: Open-source vulnerability risk assessment platform