The issue affects servers running OpenSSL 1.1.1 versions with TLS 1.2 and renegotiation enabled, which is the default configuration. The vulnerability was reported by two researchers from Nokia.

Google announced the formation of the Android Ready SE Alliance. SE vendors are joining hands with Google to create a set of open-source, validated, and ready-to-use SE Applets.

In these attacks, the threat actors use automated tools to login into Internet-exposed NAS devices using passwords generated on the spot or from lists of previously compromised credentials.

PII security has to be a priority all the time — it’s not enough to make sure employees are using good password hygiene, avoiding malicious links and attachments in emails, and so on.

PsExec is a Sysinternals utility designed to allow admins to perform tasks on remote computers, such as launching executables and displaying the output on a local computer or creating reverse shells.

Over 75% of cybersecurity awareness professionals are spending less than half their time on security awareness, implying awareness is too often a part-time effort, according to a SANS report.

Head of the Australian Cyber Security Centre (ACSC) Abigail Bradshaw has told senators “10s of organizations” have so far reached out to her agency regarding vulnerable Microsoft Exchange servers.

The REvil ransomware gang has added a new malware capability that enables the attackers to reboot an infected device after encryption, security researchers at MalwareHunterTeam report.

Under the deal, IoT cybersecurity firm Cybeats has become a wholly-owned subsidiary of Relay and has placed all its technologies, trade secrets, and intellectual property into Relay’s care.

Ransomware victims paid attackers at least $144.35 million in bitcoin between 2013 and 2019, according to a recent FBI bulletin that likely fails to account for millions of dollars.