Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Security researchers at Proofpoint are calling attention to the discovery of a commercial red-teaming tool called Nighthawk, warning that the command-and-control framework is likely to be abused by threat actors. read more
Continue ReadingEndpoint detection and response pioneer CrowdStrike is elbowing its way into new security markets with a planned acquisition of attack surface management startup Reposify and a strategic investment in API security vendor Salt Security. read more
Continue ReadingThe Drupal security team has released a “moderately critical” advisory to call attention to serious vulnerabilities in a third-party library and warned that hackers can exploit the bugs to remotely hijack Drupal-powered websites. read more
Continue ReadingIt’s been four months since the Log4j issue exploded onto the internet. All the major software vendors affected by it have by now released patches – but even where companies have patched, it would be wrong to relax. read more
Continue ReadingA pair of security researchers at SentinelLabs have intercepted a piece of destructive wiper malware hitting routers and modems and found digital breadcrumbs suggesting a link to the devastating Viasat hack that took down wind turbines in Germany. read more
Continue ReadingNews analysis: SecurityWeek Editor-at-Large Ryan Naraine examines several factors driving success in the fight against data extortion attacks. read more
Continue ReadingThe U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the final version of its IPv6 security guidance for federal agencies. read more Source: Security Week
Continue ReadingEnterprise security response teams are bracing for a hectic weekend as public exploits — and in-the-wild attacks — circulate for a gaping code execution hole in the widely used Apache Log4j utility. read more Source: Security Week
Continue ReadingThe security problems at enterprise software provider Zoho continue to multiply with confirmation of a new critical authentication bypass vulnerability — the third in four months — being exploited in the wild by advanced threat actors. read more Source: Security Week
Continue ReadingThe Belarusian government is at least partially responsible for the Ghostwriter disinformation campaign, according to security researchers at the Mandiant Threat Intelligence team. read more Source: Security Week
Continue Reading