A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.
Security experts say that 5G supply chain concerns should be taken seriously – whether it’s in the context of Huawei or not.
The malicious Chrome extensions were secretly collecting users' browser data and redirecting them to malware-laced websites.
The scam uses a range of themes, including tech-support scares and slot machines.
Customers of RBC, HSBC, TD, Meridian, BNC and Chase are targeted in latest attack.
Top stories of this week include a new Emotet Wi-Fi hack and Robbinhood ransomware operators using a "bring your own bug" technique.
Flaws in the blockchain app some states plan to use in the 2020 election allow bad actors to alter or cancel someone’s vote or expose their private info.
Researchers are urging users of the GDPR Cookie Consent WordPress plugin to update as soon as possible.
A new Data Protection Agency would overhaul federal regulation efforts around data privacy - but experts are skeptical that the U.S. government can get it right.
A recent phishing scam targeted Puerto Rico’s Industrial Development Company.
The tech giant acknowledged some achievements in efforts to bolster mobile app security but recognized more needs to be done.
The release of Firefox 73 fixed high-severity memory safety bugs that could cause arbitrary code execution and missing bounds check that could enable memory corruption.
Among other issues, the music platform didn't limit the number of login attempts someone could make.
Katie Moussouris sounds off on the challenges behind creating successful bug bounty programs.
The IR Management and Reporting Template attempt to assist the CISO – not only perform a top edge response to cyberattacks but also ensure that this professional and critical work is understood and acknowledged.
Cybercriminals double down on successful internet scams, with a focus on phishing, BEC and other defrauding schemes that have proven to work.
There are 12 critical and five previously disclosed bugs in the February 2020 Patch Tuesday Update.
The high-severity vulnerability could enable denial of service, privilege escalation and information disclosure.
Middleware data was exposed, which can create a secondary path for malware through which applications and data can be compromised.
Overall, Adobe patched flaws tied to 42 CVEs as part of its regularly scheduled updates.