Google recently announced the release of an emergency chrome update that patches an actively exploited zero-day vulnerability.  The flaw tracked as CVE-2022-2294 has been described as a heap buffer overflow in WebRTC.  An Avast Threat…

Recently accounts receivable management firm Professional Finance Company (PFC USA) started sending out data breach notification letters to patients of over 650 healthcare providers across the country.  The Northern Colorado-based company has…

Human error continues to be the most effective vector for network infiltrations and data breaches. The SANS Institute security center recently released its annual security awareness report based on data from 1,000 information security professionals,…

Microsoft recently released a private threat intelligence advisory informing organizations that a worm called Raspberry Robin is infecting hundreds of Windows networks.  The worm is spreading via infected USB devices.  The researchers noted…

Recently the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) selected the first-ever group of encryption tools that could potentially withstand the attack of a quantum computer.  The four selected encryption…

According to a survey conducted by Imprivata conducted by WBR Insights, healthcare cybersecurity leaders reported using multi-factor authentication (MFA), identity and access management (IAM), and privileged access management (PAM) solutions to reduce…

The German Federal Office for Information Security (BSI) has released an IT baseline protection profile for space infrastructure in response to concerns that attackers may turn their attention to the sky. The document resulted from work by Airbus Defence…

The threat actor behind the AstraLocker ransomware claims they are ceasing operations and intend to transition to cryptojacking. The creator of the ransomware uploaded a ZIP archive containing AstraLocker decryptors to the VirusTotal malware detection…

MITRE's Center for Threat Informed Defense now provides a free Chrome browser extension called ATT&CK Powered Suit that enables instant searching of the ATT&CK framework knowledge base by right-clicking on a term. Mark Haase and Jon Baker, the…

An investigation conducted by ITV News into cybersecurity at UK public services revealed a significant disparity in defense budgets, hundreds of website vulnerabilities, and staff email addresses and passwords at one council posted in full online.  …

It was recently discovered that a malicious third party compromised the British army’s Twitter and YouTube accounts and used them to direct visitors to cryptocurrency scams.  After discovering the accounts were hacked, it took 4 hours to regain…

OpenSea, the largest nonfungible token (NFT) marketplace with nearly 2 million users, revealed that an employee of one of its email vendors, Customer.io, gained access to and downloaded the company's email list. It also stated that anyone who has…