On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds.Security researchers representing penetration test provider Pentest Limited pulled this off after demoing a zero-day bug part of a successful Improper Input Validation attack against Samsun

On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000. On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000 for demonstrating zero-day attacks against NAS devices, printers, smart speakers, routers, and smartph

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are

Apple has announced a trio of new security and privacy features for its operating systems and devices. iMessage Contact Key Verification, support for security keys, and Advanced Data Protection will turn Apple devices into some of the most secure available. These three features will be rolling out through 2023. Here’s what they are and how they will

Cisco disclosed a high-severity flaw in its IP phones that can be exploited to gain remote code execution and conduct DoS attacks. Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker can trigger the flaw to cause a

In complex environments, the need for privilege solutions has grown. Typically, companies with network infrastructure or critical data have personal privileged accounts set up, while traditional Privileged Access Management (PAM) tools rely on the creation of accounts and privileges. As a result, enterprises are encountering a problem that’s known as Z

Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors. Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF) of several industry-leading vendors. The technique was discovered while conducting unrelated research on

CyberDanube Security Research 20221130-0-------------------------------------------------------------------------------               title| Multiple Vulnerabilities             product| Delta Electronics DX-2100-L1-CN  vulnerable version| V1.5.0.10       fixed version| V1.5.0.12          CVE number| -              impact| High            homepage| https://w

CyberDanube Security Research 20221130-1-------------------------------------------------------------------------------               title| Authenticated Command Injection             product| Delta Electronics DVW-W02W2-E2  vulnerable version| V2.42       fixed version| V2.5.2          CVE number| -              impact| High            homepage| https://ww

Just about anywhere you look, organizations are relying on Software-as-a-Service (SaaS) apps like Dropbox and Hubspot to help power their businesses. With more SaaS apps, however, comes increased security risks. While SaaS is without a doubt the easiest and most accessible way for businesses to reap the benefits of the cloud, these services are del

CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during an October ransomware attack.This figure was published today on the U.S. Department of Health breach portal, where healthcare organizations are legally obligated to report data breaches impacting over 500 individuals.At the start of October, the Illino

MuddyWater hackers, a group associated with Iran’s Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets.The group adopted the new tactic in a campaign that might have started in September but wasn’t observed until October and combined the use of a legitimate remote a

The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country's healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang.The Health Sector Cybersecurity Coordination Center (HC3) —HHS' security team— revealed in a new analyst note published Wednesday that the

Implementation of security automation can be overwhelming, and has remained a barrier to adoptionPreviously, I wrote about balancing security automation and the human element to accelerate security automation initiatives. Equally important to address are the implementation aspects of security automation, which are holding many organizations back. In fact, a

Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sa