Interesting precedent over the 2016 Uber Data Breach sentence, concerning the CISO's responsibility in a cybersecurity incident

The US FBI, CISA, and Australian Cyber Security Centre (ACSC) release a joint Cybersecurity Advisory to warn about the emerging BianLian ransomware and data extortion group

Dashlane Enterprise Password Manager is the first to support Passkeys

Dashlane releases its new Confidential SSO feature to allow users to securely and seamlessly log into Dashlane with their existing company SSO credentials.

Phishing is one of the most successful entry points for attackers to compromise an organization. CISA provides an Infographic to help both individuals and companies to be more protected.

Researchers at Leiden Institute of Advanced Computer Science find many fake proof-of-concept (PoC) exploits for vulnerabilities on GitHub, many of them including malware.

The Dutch National Police trick the DeadBolt ransomware gang, by reversing the Bitcoin ransom payments, after receiving the decryption keys for multiple victims.

Mandiant uncovers a new type of malware that targets ESXi Hypervisors, Linux vCenters and SAN arrays, through which attackers gain undeteced privileged access to the underlining virtual machines.

Attackers spam users with MFA push notifications, until they finally accept by error or just because they are overwhelmed. This is becoming more common way of bypassing MFA.

Microsoft releases Defender standalone for Android, Apple iOS, macOS and of course Windows, for customers having a Microsoft 365 home or business subscription

CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination

The Five Eyes (FVEY) intelligence alliance warns managed service providers (MSPs) and their customers around increasing supply chain attacks.

Apple, Google and Microsoft today jointly announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium

Windows Autopatch will keep Windows and Office software on enrolled endpoints up-to-date automatically

Trend Micro Threat Research identify malicious actors actively exploiting the Spring4Shell vulnerability to weaponize and execute the Mirai DDoS botnet malware.

The new juvenile data extortion group, LAPSUS$, has taken big organizations by surprise with their old-fashioned social engineering attacks

A new vulnerability in the Spring Framework for Java Development Kit (JDK) version 9.0 or later. Exposes millions of systems to compromise, similarly to the Log4j vulnerability,

The Cyber Incident Reporting Act introduces new cybersecurity reporting requirements that will apply to businesses in almost every major sector of the economy.

The Microsoft Defender for IoT research team has discovered the method through which MikroTik devices are used in Trickbot’s C2 infrastructure. 

The German BSI federal cybersecurity agency suggests to uninstall Kaspersky antivirus, assuming that it could find itself being used against its management's will to harm instead of protect its customers

Whatsapp chooses Cloudflare to ensure that its javascript code for Whatsapp Web isn't tampered with when it's downloaded on the client browser.

Hive Systems updates its Password Table, considering the new processing power available in 2022

To preserve the integrity of customer data present in its devices in Ukraine, Russia, and Belarus, Cloudflare has implemented Keyless encryption and configured systems to self-isolate in case of compromise.

Google LLC today announced that it has signed a definitive agreement to acquire Mandiant, Inc., a leader in dynamic cyber defense and response, for $5.4 billion

Linux "Dirty Pipe" vulnerability affects Linux Kernel 5.8 and later versions, even on Android devices, allowing a non-privileged user to inject and overwrite data in read-only files.