Jeff Goldman Avatar
  • Microsoft Defender logo.

    Windows PGM Accounts for Half of Patch Tuesday’s Critical Flaws

    Microsoft’s Patch Tuesday for June 2023 addresses 78 vulnerabilities, a significant increase from last month’s total of 37. While six of the flaws are critical, Microsoft says none are currently being exploited in the wild. The six critical vulnerabilities are as follows: Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, noted […]

  • Threat detected sign with a binary background.

    5 Ways to Configure a SIEM for Accurate Threat Detection

    A security information and event management (SIEM) system is about as complicated as a security tool can get, pulling in log and threat data from a wide range of sources to look for signs of a cyber attack. Not surprisingly, they can be challenging to manage. A recent Gurucul survey of over 230 security pros […]

  • apple security

    New Apple RSR Flaw Blocks MDM Functionality on macOS Devices

    Addigy, which provides management solutions for Apple devices, today warned that Apple’s new Rapid Security Response (RSR) updates aren’t being delivered to as many as 25 percent of macOS devices in managed environments, and that the failure to do so is also impacting mobile device management (MDM) stacks on those devices. RSR updates are new […]

  • fingerprint spoof

    A Threat to Passkeys? BrutePrint Attack Bypasses Fingerprint Authentication

    Security researchers recently published a paper detailing an attack they say can be used to bypass smartphone fingerprint authentication. Yiling He of China’s Zhejiang University and Yu Chen of Tencent Security’s Xuanwu Lab are calling the attack BrutePrint, which they say can be used to hijack fingerprint images. An attack like BrutePrint could present a […]

  • Cisco Warns of Multiple Flaws in Small Business Series Switches

    Cisco is warning that nine significant vulnerabilities in its Small Business Series Switches could enable unauthenticated remote attackers to cause a denial-of-service condition or execute arbitrary code with root privileges on affected devices. The vulnerabilities are caused by improper validation of requests sent to the switches’ web interfaces, the company said. While the Cisco Product […]

  • Man with a wrench on a digital environment background.

    Microsoft Flaws Include Secure Boot Bypass, System-Level Takeovers

    Microsoft’s Patch Tuesday for May 2023 fixes two actively exploited vulnerabilities, including a Secure Boot bypass and system-level takeover.

  • Metallic key in keyhole on blue digital code background.

    Google Launches Passkeys in Major Push for Passwordless Authentication

    Passkeys are a promising technology for passwordless authentication, and Google is leading the way.

  • Data security breach concept.

    Misconfigured Registries: Security Researchers Find 250 Million Artifacts Exposed

    Development teams are exposing critical data and secrets online. Here’s what to do about it.

  • Attackers Continue to Leverage Signed Microsoft Drivers

    In December of last year, Microsoft worked with SentinelOne, Mandiant, and Sophos to respond to an issue in which drivers certified by Microsoft’s Windows Hardware Developer Program were being used to validate malware. Unfortunately, the problem hasn’t gone away. In a recent Mastodon post, security expert Kevin Beaumont observed, “Microsoft are still digitally signing malware […]

  • Windows CLFS Vulnerability Used for Ransomware Attacks

    Microsoft’s Patch Tuesday for April 2023 targets 97 vulnerabilities, seven of them rated critical – as well as one that’s currently being exploited in the wild. The one flaw that’s currently being exploited, CVE-2023-28252, is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver that could provide an attacker with […]

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis