CISA is ordering US federal agencies to remove outdated routers and firewalls
Obsolete edge gear is now seen as a primary intrusion path for state-backed hackers
New CISA alert: encryption isn't what's failing on Signal and WhatsApp
State-backed hackers aren't cracking Signal. They're cracking your phone.
Why it matters: Hackers are bypassing encryption used in messenger apps by compromising the phones and convenience features like QR-based sign-ins. The latest campaign targets high-value targets. The attacks have scraped device data, text messages, and even audio recordings. Their techniques require no user interaction and can remain hidden for years.
Worldwide cyberattack underway as hackers exploit Microsoft SharePoint zero-day vulnerability
CISA has identified the exploit as a top-level security threat, a patch is now out
A hot potato: A newly uncovered security flaw in Microsoft's SharePoint software has sparked a widespread series of cyberattacks targeting government organizations, educational institutions, energy companies, and private enterprises around the globe. This threat has prompted coordinated investigations by authorities in the United States, Canada, and Australia, with cybersecurity experts warning that these intrusions represent one of the most serious server-level breaches seen in recent memory.
US cyber defense agency urges developers to eliminate buffer overflow vulnerabilities
"Secure by design" is the new way forward
FBI shifts stance, recommends encryption to keep phone chats private
Cyber-criminals abroad have done a lot of damage to the security psyche
US officials confirm Chinese hackers had access to law enforcement wiretap systems for months
The group is a splinter of a larger state-backed hacking collective known as Typhoon
Tech manufacturers must eliminate default passwords, says cyberdefense agency CISA
Cybersecurity best practices can't rely on decisions by single users or organizations
Use Rust or C#, abandon C++: Five Eyes agencies warn about memory safety in programming languages
Software developers need to step up their secure-by-design game, and fast
The US, UK and 16 other countries sign agreement for safe AI development
The potential for AI to turn rogue is a major concern among developers and lawmakers
US cyberdefense agencies NSA and CISA disclose top 10 security misconfigurations
Common misconfigurations provide cyber-criminals with easy access and exploitability opportunities
AVrecon botnet operated unnoticed for two years, infecting 70,000 Linux-based routers
The malicious network craftily avoided detection for two years at least
Buffer overflow-type memory bugs remain the most dangerous vulnerabilities out there
Everyone likes to write outside proper memory addresses, the US government says
US government is providing more time to certify software security
Vendors and federal agencies will have to comply with the new certification rules, eventually
Hackers used legitimate remote help-desk tools to scam multiple US federal agencies
Widespread campaign tricked federal employees into "refunding" bad actors fake charges
CISA joins the NSA in advising legacy Windows users to patch against BlueKeep vulnerability
BlueKeep could lead to another WannaCry-like attack
