A second vulnerability in Zyxel firewalls has been exploited in Helldown ransomware attacks over the past weeks.
The post CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Government Guidance on Chinese Telco Hacking Highlights Threat to Cisco Devices
Government agencies issue guidance on Chinese telecoms hacking as US officials say threat actors may have yet to be expelled.
The post Government Guidance on Chinese Telco Hacking Highlights Threat to Cisco Devices appeared first on SecurityWeek.
Virtual Event Today: Cyber AI & Automation Summit
SecurityWeek’s Cyber AI & Automation Summit takes place on December 4th, as a fully immersive online experience.
The post Virtual Event Today: Cyber AI & Automation Summit appeared first on SecurityWeek.
Spotting the Charlatans: Red Flags for Enterprise Security Teams
Even with careful and deliberate hiring, enterprise security teams will find themselves with a charlatan from time to time.
The post Spotting the Charlatans: Red Flags for Enterprise Security Teams appeared first on SecurityWeek.
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown
Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that’s created by criminals for criminal purposes.
The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted
The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted
Android’s December 2024 Security Update Patches 14 Vulnerabilities
Google has released patches for 14 high-severity vulnerabilities as part of Android’s December 2024 security update.
The post Android’s December 2024 Security Update Patches 14 Vulnerabilities appeared first on SecurityWeek.
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud’s flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and
Solana Web3.js Library Backdoored in Supply Chain Attack
Supply chain attack leads to decentralized application developers downloading backdoored versions of the Solana Web3.js library.
The post Solana Web3.js Library Backdoored in Supply Chain Attack appeared first on SecurityWeek.
Law Enforcement Read Criminals’ Messages After Hacking Matrix Service
Law enforcement has taken down yet another encrypted messaging service used by criminals, but not before spying on its users.
The post Law Enforcement Read Criminals’ Messages After Hacking Matrix Service appeared first on SecurityWeek.
How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges
Many organizations struggle with password policies that look strong on paper but fail in practice because they’re too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copy