Malware hunters at Volexity are raising the alarm for a Chinese threat actor seen exploiting a zero-day flaw in the Zimbra email platform to infect media and government targets in Europe.
Volexity Warns of ‘Active Exploitation’ of Zimbra Zero-Day
FBI Warns of Potential Cyberattacks Targeting 2022 Winter Olympics
The Federal Bureau of Investigation (FBI) on Tuesday announced the release of a Private Industry Notification (PIN) to warn entities associated with the 2022 Winter Olympics and Paralympic games of potential cyberattacks targeting them.
CISA Adds Recent iOS, SonicWall Vulnerabilities to ‘Must Patch’ List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of eight more vulnerabilities to the list of security flaws known to be exploited in malicious attacks.
Cyber Insights 2022: Improving Criminal Sophistication
CISA’s ‘Must Patch’ List Puts Spotlight on Vulnerability Management Processes
The U.S. Cybersecurity and Infrastructure Security Agency’s catalog of known exploited vulnerabilities can be useful not only for helping organizations patch high-risk vulnerabilities in their systems, but also to help them build or improve vulnerability management processes.
In the Hacker’s Crosshairs: K-12 Schools
In education, cybersecurity is rarely top-of-mind — until a major incident occurs. Yet, according to the Federal Bureau of Investigation (FBI), schools are top targets for cybercriminals, resulting in ransomware attacks, data theft, and the disruption of online learning.
Attack Surface Management Play Censys Scores $35M Investment
The jostling for space in the attack surface management space intensified this week with Michigan startup Censys banking a new $35 million funding round to fuel growth and expansion.
White House Publishes Federal Zero Trust Strategy
Apple Patches ‘Actively Exploited’ iOS Security Flaw
Apple late Wednesday pushed out an urgent iOS update with fixes for 11 documented security flaws and warned that one of the vulnerabilities “may have been actively exploited.”
In a barebones advisory, Apple acknowledged the zero-day took aim at a memory corruption issue in IOMobileFrameBuffer, an oft-targeted iOS kernel extension.
UK’s NCSC Pushes NMAP Scanner Scripts to Fill Defender Gap
The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.