Security researchers at Comparitech found an unprotected Elasticsearch database on August 22, 2021. Inside the 200GB digital index were records dating back ten years containing the personal details of more than 106 million international travelers who…

Researchers at the industrial cybersecurity firm Claroty found 11 vulnerabilities in widely-used network management products from Nagios during a research project on the use of network management systems in Information Technology (IT), Operational…

Researchers at PermiterX discovered that nearly half of US website owners have so little insight into third-party code that they can’t say definitively if their site has suffered a cyber breach. The web app security vendor polled 501 organizations across…

A security researcher has discovered a vulnerability in Hikvision surveillance cameras that make them susceptible to remote hijacking without the attacker needing to have a username and password. The attack can be launched using the standard HTTP and…

The decentralized finance (DeFi) system pNetwork that allows communication between different blockchains recently announced that it had been hacked for 277 pBTC (its bridged version of bitcoin), with losses worth more than $12 million at current value.…

Corporate end-users should be on high alert for phishing attacks in the final quarter of the year as this is when most malicious emails are likely to land, according to new research from Tessian.  The email security vendor analyzed four billion…

Windows IIS servers are being used to add expired certificate notification pages prompting visitors to download a fake installer. All Windows versions since Windows 2000, XP, and Server 2003 include the Microsoft Windows web server software, Internet…

Security researchers from AirEye discovered a new hacking method called SSID Stripping that could be used to trick unsuspecting users into connecting to fraudulent wireless networks. In collaboration with Technion, AirEye revealed the possible…

An Iowan agricultural group hit by ransomware over the weekend is claiming that the impact of the attack on the US public could be worse than the Colonial Pipeline incident.  The attack has been traced to BlackMatter, a group that some believe has…

The National Institute of Standards and Technology (NIST) recently held the "Workshop on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software," which is the government agency's latest step in the creation of a…

Security researchers have created a list of flaws commonly abused by ransomware gangs to infiltrate a victim's network. Allan Liska, a member of Recorded Future's Computer Security Incident Response Team (CSIRT), made a call to action on Twitter to…

AMD has disclosed a vulnerability contained by the AMD Platform Security Processor (PSP) chipset driver. Threat actors could exploit this vulnerability to dump memory pages and steal sensitive information, such as passwords and storage decryption keys.…