Attack Surface Analyzer is a Microsoft developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration: gi…

The MITRE Corporation, one of the most respected organizations in the cybersecurity field, has released today D3FEND, a complementary framework to its industry-recognized ATT&CK matrix.

A critical bug chain allows attackers to impersonate the vendor and impact code at the root level.

Cyber insurers reported a spike in losses in 2020 as companies across a wide range of industries were hit by costly cyberattacks and ransomware incidents.

Critical Software: Enhancing the Security of the Software Supply Chain

Posted by Oliver Chang, Google Open Source Security team and Russ Cox, Go team  In recent months, Google has launched several efforts to st...

Ransomware is the subject of this spotlight topic for board members, building on the guidance given in the Cyber Security Toolkit for Boards.

Introducing our first ever emerging tech conference! If you’re looking to boost your career in emerging tech, then this conference is for you! A chance to explore and engage with fellow professionals! Registration now open: bit.ly/3xYaq7A #ai #blockchain…

Allowing organisations to claim back ransom payments could be making the problem of ransomware worse - but cyber insurance could be used to help improve security, says RUSI research paper.

Risk prioritization helps you move away from testing approaches that don’t suit the scale and complexity of your environment, nor the evolution of threats.

На сайте Федерального агентства по техническому регулированию и метрологии ( http://www.gost.ru/ ) в июньском 2021 года разделе ( http://pr...

Cisco devices come under new attacks, including a destructive hacktivist campaign therecord.media/cisco-devices-…

The European Union Agency for Cybersecurity identifies the cybersecurity challenges SMEs face today and issues recommendations.

ukncsc/Device-Security-Guidance-Configuration-Packs: This repository contains policy packs which can be used by system management software to configure device platforms (such as Windows 10 and iOS) in accordance with NCSC device security guidance. github…

Risks of Evidentiary Software schneier.com/blog/archives/…

How can organizations develop a risk-aware culture? Sourya Biswas weighs in on the ISACA Now blog. bit.ly/3hbmVpy #risk #cisa #cism

Хех, агентство CISA решило завести каталог "вредных советов", точнее "bad practices" кибербезопасности. Видимо, когда лучшие практики не воспринимают серьезно, то проще довести как плохо) Ведь плохо делать все умеют) cisa.gov/BadPractices

Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including…

This is very important! If you have the "Print Spooler" service enabled (which is the default), any remote authenticated user can execute code as SYSTEM on the domain controller. Stop and Disable the service on any DC now! twitter.com/gentilkiwi/sta…