We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders
A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America.
Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API
CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.
Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.
DragonRank, a Chinese-speaking SEO manipulator service provider
Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.
The 2024 Threat Landscape State of Play
Talos' Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer attention to infostealers.
Vulnerability in Tencent WeChat custom browser could lead to remote code execution
While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor.
The best and worst ways to get users to improve their account security
In my opinion, mandatory enrollment is best enrollment.
Watch our new documentary, "The Light We Keep: A Project PowerUp Story"
The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country.
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
The threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date Office versions and can still be vulnerable.