Business

Researchers have devised a theoretical attack to steal private encryption keys through monitoring standard CPU and OS behavior.

Companies need to build a culture of security, but this is impossible when employees are afraid to discuss incidents or suggest improvements.

Using anomalies in the behavior of users, devices, applications, and other entities to detect cyberthreats.

Attackers are sending phishing emails to developers of PyPi packages and Firefox add-ons.

We dive into which corporate systems support passkeys, where compatibility falls short, and why we probably won’t be saying goodbye to passwords anytime soon.

Regulation and the evolving threat landscape are driving companies to adopt more resilient forms of employee authentication. Are passkeys a cost-effective and straightforward replacement for traditional passwords?

Causes of discrepancies in Common Vulnerability Scoring System ratings, common mistakes when using CVSS for vulnerability prioritization, and how to do this right.

Two critical zero-day vulnerabilities in SharePoint are actively exploited by attackers in real-world attacks.

A curious case of spear-phishing email techniques employed on a mass scale.

We break down the Common Vulnerability Scoring System: what it’s for, how it’s used in practice, and why the Base Score is just the beginning — not the end — of vulnerability assessment.

How the research tool Defendnot disables Microsoft Defender by registering a fake antivirus, and why you shouldn’t always trust what your operating system says.

This is a story of how a blockchain developer lost US$500 000 to a fake Solidity extension from the Open VSX marketplace.

How cybercriminals can exploit your online store — and how to stop them.

How integrated industrial cybersecurity solutions protect OT networks and reduce the cost of critical incidents.

Drawing from INTERPOL’s just-released Africa Cyberthreat Assessment Report, we identify which threats most often target developing businesses – and how to stop them.

Researchers have found several vulnerabilities in the Sitecore CMS platform that enable unauthenticated remote code execution (RCE).

Researchers have found a vulnerability that allows attackers to get root privileges on most Linux distributions.

How to assess all the complexities of open-source application integration in advance, and choose the most efficient solutions.

Internet Explorer sends its regards: a vulnerability in the HTTP protocol extension allows attackers to run malicious code — even on a modern operating system.

While open-source projects let you build almost any infosec solution, it’s crucial to realistically assess your team’s resources and the time it would take to achieve your goals.

Since 2016, a threat actor has been exploiting insecure plugins and themes to infect WordPress websites and redirect traffic to malicious websites.