The Cybersecurity and Infrastructure Security Agency (CISA) is urging users to patch the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. The agency, which operates under Department of Homeland Security oversight, issued the alert after achieving remote code execution on

New research by Proofpoint shows that over 3 in 4 firms have found fraudulent domains impersonating their company and a whopping 96% have discovered domains using their exact brand name, but a different top-level domain (TLD), i.e. examplebusiness.net instead of examplebusiness.com. According to Kevin Epstein of Proofpoint, fraudulent domains represent

A recent report[pdf] by the US Government Accountability Office (GAO) highlights a relatively unknown dimension of the impact of the massive 2017 Equifax data breach. The standard method used by many government agencies for identifying US citizens that want to apply for benefits through digital portals, was rendered unsafe by

On Monday, Samsung issued a Tweet informing customers who own one of its smart TVs that they should be scanning their device for malware every few weeks. The message, which also contained a short instructional video, was met with confusion by customers and cybersecurity experts alike. Many customers expressed frustration

Bitdefender has released an updated version of a tool that can decrypt files encrypted by GandCrab ransomware. The free decryptor is the result of a collaborative effort by Bitdefender, the FBI and law enforcement agencies from various European countries. GandCrab was first released in January of last year and quickly

A security firm holding a grudge against WordPress recently released proof-of-concept (PoC) code for two zero-days affecting two official Facebook plugins for WordPress. The impacted plugins are “Messenger Customer Chat” (20,000 installations) and “Facebook for WooCommerce” (200,000 installations). The flaws are tricky to exploit, but can enable threat actors to

New research by Dragos indicates that the threat actors behind the 2017 Triton (aka Trisis) malware attack that shut down a petrochemical plant in Saudi Arabia, started to scan power grids in the US and Asia-Pacific regions at the end of last year. Because of this, analysts are worried that

A new survey by Shred-it shows that data breaches are very often the result of human error. The majority of C-suite executives (53%) and more than a quarter of Small Business Owners (SBOs) (28%) point to human error or accidental loss by an external vendor/source as the cause of data

US intelligence officials have been investigating the Russian power grid since at least 2012 and recently began targeting power grid control systems in offensive operations, according to a recent New York Times report based on information from current and former government officials. The offensive operations involved infecting Russian systems with

Once again, Twitter has purged thousands of inauthentic user accounts connected to influence operations. A total of 4,779 accounts were removed, many of which were tied to the Iranian regime, while a few were linked to Russia. According to the social media platform, more than 1,600 of the fraudulent accounts