Business

Discontinuing mandatory password rotations, banning outdated MFA methods, and other updates in the NIST SP 800-63 standards for digital account authentication and management.

Phishers have adopted another trick: they send emails pretending to be from Docusign with a fake link to a document that the recipient must sign.

We explore the root causes of the talent crisis in the cybersecurity industry and look for possible solutions.

Telegram bot sells subscriptions to phishing tools to hack Microsoft 365 accounts, including 2FA bypass.

Cybercriminals are using AitM techniques to compromise accounts of company executives. How do they do this, and how to protect against it?

Although Microsoft has radically revised the rollout plan for its controversial Recall feature, cybersecurity teams can’t afford to ignore the issue of “AI onlookers.

The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.

Developers’ accounts are being hijacked using fake job offers sent from a legitimate GitHub address.

Based on our analysis of ZKTeco vulnerabilities, we dissect the risks associated with biometric authentication.

Cybercriminals are using genuine Facebook infrastructure to send phishing emails threatening to block accounts.

dormakaba Saflok locks — used on around three million doors across 13,000 hotels — are vulnerable to an attack that involves forging electronic keycards.

A credential stuffing attack is one of the most effective ways to take control of accounts. Here’s how it works and what you should do to protect your company.

Dropbox has shared a report on a data breach in the Dropbox Sign e-signature service. What does this mean for users, and what should they do?

Proxyware can make it difficult to detect cyberattacks on organizations — sometimes making the latter unwitting accomplices in crimes.

A look at the biggest ransomware attacks of 2023.

The KeyTrap DoS attack, which can disable DNS servers with a single malicious packet exploiting a vulnerability in DNSSEC.

Why cybercriminals want to attack PR and marketing staff and, crucially, how to protect your company from financial and reputational harm.

Time to update Fortra GoAnywhere MFT: an exploit has been developed for a critical vulnerability that allows attackers to bypass authentication and create admin accounts.

Ethical hackers told 37C3 how they found a few eye-openers while breaking DRM to fix trains.

Google OAuth allows to create phantom Google accounts — uncontrollable by corporate Google Workspace administrators.

Espionage operations to hack corporate routers are now commonplace — and all organizations need to be aware of this.