SMB

By hijacking domains with CNAME records and exploiting forgotten SPF records, attackers seize domains and use them for their own purposes.

We explain in simple terms research demonstrating a vulnerability in modern digital video cameras.

Proxyware can make it difficult to detect cyberattacks on organizations — sometimes making the latter unwitting accomplices in crimes.

Cybersecurity lessons from the movie “The Beekeeper”.

A backdoor implanted into XZ Utils has found its way into popular Linux distributions.

We review a recent research paper highlighting a major hardware vulnerability in Apple M1, M2, and M3 CPUs.

A recent study shows how it’s possible to identify typed text from the sound of keystrokes — even in far-from-ideal environments.

To go undetected, attackers can operate in your network without any malware at all. How to detect them and prevent damage?

SIM swap fraud is back in vogue. We explain what it is, the danger it poses to organizations, and how to guard against such attacks.

Cybercriminals prey on access to mailing tools by sending phishing emails through these same tools.

The KeyTrap DoS attack, which can disable DNS servers with a single malicious packet exploiting a vulnerability in DNSSEC.

Why cybercriminals want to attack PR and marketing staff and, crucially, how to protect your company from financial and reputational harm.

Our colleagues conducted a study in which, among other things, they assessed how education in the field of information security relates to a career in that field.

A fresh study of some unexpected properties of a standard feature of all modern smartphones and tablets.

A vulnerability in the glibc library affects most major Linux distributions.

Google OAuth allows to create phantom Google accounts — uncontrollable by corporate Google Workspace administrators.

Single sign-on is supposed to enhance corporate security, but it’s essential that cloud vendors have the information security team’s back.

What’s the principle of least privilege, why’s it needed, and how does it help secure corporate information assets?

Attackers are hijacking hotel accounts on Booking.com, and stealing their clients’ banking data through its internal messaging system.

Methods used by attackers to redirect victims to malicious and phishing sites from seemingly safe URLs.

Cybercriminals send the Remcos remote-access trojan under the guise of letters from a new client.