What can we learn from the passwords used in brute-force attacks?
There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.”
Vulnerabilities in employee management system could lead to remote code execution, login credential theft
Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files.
James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape
Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation.
The private sector probably isn’t coming to save the NVD
Plus, new details emerge on the Scattered Spider cybercrime network and ArcaneDoor.
What’s the deal with the massive backlog of vulnerabilities at the NVD?
Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what it means for security teams, and where we go from here.
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?
At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted.
The internet is already scary enough without April Fool’s jokes
The security community is still reflecting on the “What If” of the XZ backdoor.
Vulnerability in some TP-Link routers could lead to factory reset
There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11.
April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution
Though April’s monthly security update from Microsoft includes 150 vulnerabilities, only three of them are considered “critical.”