- Apple releases security updates. (to the original material)
- Spring releases security updates addressing "Spring4Shell" and Spring Cloud Function vulnerabilities. (to the original material)
- Next wave of Ukraine attacks - DDoS, malicious tools, and infrastructure disruptions. (to the original material)
- New infosec products of the week: April 1, 2022. (to the original material)
- We need an industry-backed, tech-neutral resource to restore trust in voice communications. (to the original material)
- JavaScript security: The importance of prioritizing the client-side. (to the original material)
- Cloud-native application security is a critical priority, and risk perception is worryingly low. (to the original material)
- Making security mistakes may come with a high price for employees. (to the original material)
- Is IT ready for the metaverse? If not, it should be. (to the original material)
- Spring fixes zero-day vulnerability in Framework and Spring Boot. (to the original material)
- Vulnerabilities in Rockwell Automation PLCs could enable Stuxnet-Like attacks. (to the original material)
- Fingerprint: The pattern of coordinated non-authentic behavior on social media. (to the original material)
- Psychology of Disinformation: Arguments and counter-arguments: from denigration to exchange of ideas. (to the original material)
- Cybersecurity survival tips for small businesses: 2022 edition. (to the original material)
- Latest web hacking tools – Q2 2022. (to the original material)
- Spring4Shell: New info and fixes (CVE-2022-22965). (to the original material)
- Results overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm edition. (to the original material)
- The Week in Ransomware - April 1st, 2022 - 'I can fight with a keyboard'. (to the original material)
- Microsoft now lets you enable the Windows App Installer again, here's how. (to the original material)
- Russian-linked Android malware records audio, and tracks your location. (to the original material)
- Beastmode botnet boosts DDoS power with new router exploits. (to the original material)
- Trend Micro fixes actively exploited remote code execution bugs. (to the original material)
- Critical GitLab vulnerability lets attackers take over accounts. (to the original material)
- EU draft law adds security checks to all crypto transactions. (to the original material)
- Sitel on Okta breach: "spreadsheet" did not contain passwords. (to the original material)
- Focus on physical threats left maritime sector short on cybersecurity, says DHS chief. (to the original material)
- California health plan facing network disruptions after an alleged Hive ransomware attack. (to the original material)
- Patch, remediation advice emerges for Spring4Shell vulnerability. (to the original material)
- Attackers can compromise 94% of critical assets within four steps of breach point. (to the original material)
- FBI warns of ransomware straining local governments, and services. (to the original material)
- CISO summer school: three ways to embrace overlooked security concerns. (to the original material)
- What you need to know about PCI DSS 4.0's new requirements. (to the original material)
- More than ever, security matters. (to the original material)
- NSA employee was indicted for sending classified data outside the Agency. (to the original material)
- Upstart crime site woos Raid Forums orphans. (to the original material)
- Ukraine, Conti, and the law of unintended consequences. (to the original material)
- California: Speak up for biometric and student privacy. (to the original material)
- Public.Resource.Org can keep freeing the law: Court allows posting public laws and regulations online. (to the original material)
- Google opens new ad-targeting API - Topics, ‘Privacy Sandbox’ and FLEDGE. (to the original material)
- House passes better Cybercrime Metrics Act. (to the original material)
- NSA employees are accused of sharing national defense secrets. (to the original material)
- US Cyber Command partners with APUS (American Public University System). (to the original material)
- UK Spy Chief hails Government cell tackling Kremlin fake news. (to the original material)
- Over half of data security incidents are caused by insiders. (to the original material)
- IT services giant admits $42m fallout from a ransomware attack. (to the original material)
- AcidRain Modem Wiper (Ukrop) caused the attack against Viasat satellites. (to the original material)
- CVE-2022-22674 Apple vulnerability could cause RCE with kernel privileges. (to the original material)
- Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked. (to the original material)
- AcidRain, a wiper that crippled routers and modems in Europe. (to the original material)
- Zyxel fixes a critical bug in its business firewall and VPN devices. (to the original material)
- CISA adds Sophos firewall bug to known exploited vulnerabilities Catalog. (to the original material)
- Flaws in Wyze cam devices allow their complete takeover. (to the original material)
- 15-Year-Old bug in PEAR PHP Repository could've enabled supply chain attacks. (to the original material)
- British Police charge two teenagers linked to LAPSUS$ hacker group. (to the original material)
- GitLab releases a patch for a critical vulnerability that could let attackers hijack accounts. (to the original material)
- Russian wiper malware likely behind the recent cyberattack on Viasat KA-SAT modems. (to the original material)
- Critical bugs in Rockwell PLC could allow hackers to implant malicious code. (to the original material)
- Chinese hackers target VMware Horizon servers with Log4Shell to deploy Rootkit. (to the original material)
- GitLab issues critical updates after hard-coding passwords into accounts. (to the original material)
- More charged in UK Lapsus$ investigation. (to the original material)
- Google: Russian credential thieves target NATO, Eastern European military. (to the original material)
- Modem-wiping malware caused Viasat satellite broadband outage in Europe. (to the original material)
- National Security Agency employee indicted for 'leaking top-secret info'. (to the original material)
- UK Spy Chief warns Russia looking for cyber targets. (to the original material)
- Lapsus$: Two UK teenagers charged with hacking for the notorious gang. (to the original material)
- Charity pays over $8 million to resolve federal embezzlement, bribery investigation. (to the original material)
- Connecticut’s Bradley Airport website hit by DDoS; Russia’s Rosaviatsia suffers significant cyberattack. (to the original material)
- Solar Winds can’t dodge investor suit over massive cyberattack. (to the original material)
- Ph: Smartmatic admits ‘data leak’ but not related to 2022 polls. (to the original material)
- AcidRain - A Modem Wiper rains down on Europe. (to the original material)
- Threat Roundup for March 25 to April 1. (to the original material)
- Beers with Talos, Ep. #119: If it walks like a BlackCat, smells like a BlackCat... (to the original material)
- Week in security with Tony Anscombe. (to the original material)
- Ola Finance DeFi platform hacked, nearly $5 million stolen. (to the original material)
- Chinese hackers Deep Panda returns with Log4Shell exploits, new Fire Chili rootkit. (to the original material)
- Zyxel urges customers to patch critical firewall bypass vulnerabilities. (to the original material)
- The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities. (to the original material)
- This Week in Security News - April 1, 2022. (to the original material)
- WordPress popunder malware redirects to scam sites. (to the original material)
- Why enterprises need to consolidate their cybersecurity efforts [Q&A]. (to the original material)
- Log4j continues to be a problem for enterprises. (to the original material)
- Fresh TOTOLINK vulnerabilities picked up by Beastmode Mirai campaign. (to the original material)
- The complete list of hacker and cybersecurity movies. (to the original material)
- Bug Bounty Radar - The latest bug bounty program for April 2022. (to the original material)
- GitLab addresses critical account hijack bugs. (to the original material)
- PHP bug allows attackers to bypass domain filters, and stage DoS attacks against servers. (to the original material)
- Infosec Skills April Challenge: Don’t get fooled by these real-world threats. (to the original material)
- Defence cancels SkyGuardian drones to fund REDSPICE cyber plan. (to the original material)
- Second critical infrastructure cyber security bill passes parliament. (to the original material)
