In today’s world where hybrid and remote work are on the rise, and companies rely on email now more than ever, phishing remains one of the most prominent and sophisticated techniques that malicious actors utilize to attack organizations and gain access to their most sensitive information. Twenty-seven percent of all cyberattacks involve business email

From securing e-commerce transactions to encrypting data sent via email and verifying software packages, Public Key Infrastructure (PKI) and encryption are essential to secure online communications. But what exactly is PKI, how does it work, and what role does it play in encryption and internet security as a whole?What Is Public Key Infrastructure?The intern

Companies affected by the recent Mailchimp data breach have started notifying customers. The list includes WooCommerce, FanDuel, Yuga Labs and the Solana Foundation.Marketing automation platform Mailchimp revealed recently that its security team discovered unauthorized access to one of its tools on January 11. The tool is used by the company’s customer-facin

Software engineers tracking the quality of software bill of materials have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.According to new data from software supply chain security startup Chainguard, SBOMs being generated by existing tools fail to meet the minimum da

The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical -- and already exploited -- security vulnerability in the widely used CentOS Control Web Panel utility.The agency added the CVE-2022-44877 flaw to its KEV (Known Exploited Vulnerabilities) catalog and set a February 7th deadline for federal

Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns.The CVE-2022-24086 bug (CVSS score of 9.8) is described as an improper input validation bug in the checkout process. It

Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet.The vulnerability, patched by Zoho last November, affects multiple Zoho ManageEngine products and can be reached over the internet to launch code execu

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise.Tesla, in tandem with Pwn2Own organizations Zero Day Initiative, is offering a $600,000 cash prize to any hacker capable of writing exploits that pivot through multiple systems

Hack The Box, a British startup working on technology to simplify cybersecurity skills training, has banked a $55 million funding round as venture capital investors place big bets on the subscription-based talent assessment space.Hack the Box said the $55 million Series B was led by global investment firm Carlyle. Paladin Capital Group, Osage University Part

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s already been exploited to escape the browser sandbox.The zero-day, flagged by researchers at anti-malware company Avast, was exploited in live attacks to elevate privileges and escape a

Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.The vulnerabilities, in the enterprise-facing Zoom Rooms product, could be exploited in privilege escalation attacks on both Windows and macOS platforms.The company’s first batch of patches for 2023 includ

Software maker Adobe has rolled out its first batch of security patches for 2023 with fixes for at least 29 security vulnerabilities in a range of enterprise-facing products.The most prominent update, for the widely deployed Adobe Acrobat and Reader software, fixes critical-severity flaws that expose Windows and macOS users to code execution attacks.Accordin

Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities to exploit vulnerabilities, evade defenses, or coerce users to infect their devices.In a blog post documenting its research into four known macOS ransomwar

The SecurityWeek editorial team huddled over the holidays to look back at the stories that shaped 2022 and, more importantly, to stare into a shiny crystal ball to find the cybersecurity narratives that will dominate this year’s headlines.For the most part, not much will change. Organizations large and small will continue to acknowledge major data breaches,

Data security software vendor Netwrix has acquired Remediant, an early-stage startup working on technology in the PAM (privileged access management) category.Financial terms of the acquisition were not disclosed. Remediant, based in San Francisco and backed by Dell Technologies Capital and ForgePoint Capital, raised $15 million in Series A venture capit