News
  • "Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet"

    Security researchers at Censys have discovered that more than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability. Touted as the most widely deployed SSL VPN solution, Pulse Connect Secure provides…

  • "Air-Gapped Networks Vulnerable to DNS Attacks"

    Researchers from the security firm Pentera discovered that common misconfigurations in how the Domain Name System (DNS) is implemented in an enterprise environment can put air-gapped networks and the high-value assets they are designed to protect at risk of…

  • "PCI Secure Software Standard 1.2 Released"

    The PCI Security Standards Council (PCI SSC) has released version 1.2 of the PCI Secure Software Standard as well as the supporting program documentation. The PCI Secure Software Standard is one of two PCI Software Security Framework (SSF) standards. The…

  • "Cisco Discloses High-Severity IP Phone Bug With Exploit Code"

    Cisco has disclosed a critical vulnerability that could enable Remote Code Execution (RCE) and Denial-of-Service (DoS) attacks on its latest generation of IP phones. The company warned that its Product Security Incident Response Team (PSIRT) is aware of…

  • "Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver"

    Nemesis Kitten, a subgroup of an Iranian nation-state group, has been linked to Drokbk. This previously undocumented custom malware uses GitHub as a dead drop resolver to exfiltrate data from infected computers or to receive commands. According to…

  • "Social Engineering Hackers Use Excel to Target Crypto VIPs"

    North Korea's Lazarus Group is suspected of luring high-volume traders in cryptocurrency chat groups on Telegram into installing backdoors by asking for feedback on trading platform fee structures. Microsoft researchers and the digital forensics firm…

  • "Despite a Year of Warnings and Patching, Nearly 3 Out of 4 Organizations Still Vulnerable to Log4Shell"

    According to several security experts, the Log4Shell vulnerability will impact organizations for at least a decade. Those concerns appear to be justified, as a new report from Tenable finds that 72 percent of organizations are still vulnerable, even…

  • "JSON-Based SQL Injection Attacks Trigger Need to Update Web Application Firewalls"

    Security researchers have devised a generic SQL injection technique that circumvents multiple Web Application Firewalls (WAFs). WAF vendors have failed to add support for JSON inside SQL statements, allowing potential attackers to easily conceal their…

  • "Stolen Data of 3,000 Irish People Sold on Bot Markets, Study Claims"

    According to the cybersecurity firm NordVPN, at least 5 million people worldwide have had their online data stolen and sold on "bot markets." About 3,000 of those affected are from Ireland, while nearly 46,000 are from the UK. Bot markets are online…

  • "67 Percent of Companies Lose Business Deals Over Security Strategy Concerns"

    According to new LogRhythm research, 67 percent of respondents say their company has lost a business deal due to a customer's lack of trust in their security strategy. Dimensional Research conducted the survey of 1,175 security professionals and…

  • "Cisco Survey Reveals Increased Focus on Cybersecurity Resilience"

    According to a global survey of 4,700 Information Technology (IT) professionals conducted by Cisco, the most common types of incidents were network or data breaches (52 percent), followed by network or system outages (51 percent), ransomware events (47…

  • "Consumers Prioritize Mobile App Security Over Features"

    Researchers at Appdome unveiled the results of a global survey that shares the views of 25,000 consumers in 11 countries on mobile app use and consumer expectations of mobile app security. The researchers found that more than half (53.5%) of…