The Carnegie Mellon University (CMU) CyLab Security and Privacy Institute recently attended the White House's Internet of Things (IoT) security summit to discuss what is required to foster an effective IoT security labeling ecosystem. Consumers have…

Video messaging platform Zoom recently released a new patch to a high-severity flaw in its client for macOS devices.  The vulnerability (tracked CVE-2022-28762) refers to a debugging port misconfiguration affecting versions starting with 5.10.6 and…

The Commonwealth Cyber Initiative (CCI), led by Virginia Tech, is Virginia's primary access point for cybersecurity research, innovation, and workforce development. Radford University, the University of Virginia's College at Wise, Virginia Military…

Researchers at Sonatype have uncovered 88,000 malicious open-source packages so far this year, a triple-digit increase on the same figure in 2019 and indicative of a fast-growing corporate attack surface.  The researchers stated that there is a…

Federal police in Brazil recently arrested a suspected member of the prolific Lapsus$ cybercrime collective after launching an investigation this summer.  The man was apprehended in Feira de Santana, a city in the northeast of the country, as a…

Given the Internet of Things (IoT) devices' exponential growth, data bottlenecks and lags in data processing and return signaling are expected. According to Kyusang Lee, an assistant professor of materials science and engineering and electrical and…

The FBI has issued a warning that cybercriminals and scammers may begin to target former students seeking debt relief through US President Joe Biden's student loan forgiveness program. The US Department of Education will provide "targeted student debt…

The Transportation Security Administration (TSA) has issued a new cybersecurity security directive that will apply to designated passenger and freight railroad carriers. This security directive will improve cybersecurity preparedness and resilience for…

SafeBreach, a cybersecurity firm, has warned of a fully undetectable PowerShell backdoor that uses a novel attack methodology. A vulnerability discovered in the wild uses a PowerShell script to create a scheduled task on the victim's system disguised as…

According to researchers at Group-IB, a prolific ransomware group targeting network-attached storage (NAS) devices this year monetizes its efforts by extorting both vendors and their end customers. The group is called the Deadbolt ransomware group. The…

A misconfigured server exposed sensitive information for some Microsoft customers, according to the Microsoft Security Response Center. The misconfigured endpoint could have been accessed over the Internet and did not require authentication. According to…

The French National Gendarmerie recently dismantled a car theft ring that used fraudulent software to hack and steal vehicles with remote keyless entry and ignition systems. The criminals targeted vehicles with keyless entry and start systems, taking…