CISA’s Flags Memory-Unsafe Code in Major Open Source Projects

June 28, 2024 at 01:28PM A new study reveals the widespread and concerning use of memory-unsafe code in major open source software projects, leading to common security issues. Despite this insight, immediate changes are unlikely due to the complexity and cost of rewriting code entirely in memory-safe languages. The report’s findings align with previous studies, … Read more

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

May 23, 2024 at 01:39PM Ransomware attacks on VMware ESXi infrastructure show a consistent pattern, targeting virtualization platforms due to inherent misconfigurations and vulnerabilities. The attacks involve various steps, including initial access, privilege escalation, ransomware deployment, and data exfiltration. Organizations are advised to implement monitoring, robust backups, strong authentication, and network restrictions to mitigate these … Read more

NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains

December 20, 2023 at 10:21AM The NSA’s 2023 Cybersecurity Year in Review report highlights its efforts to block 10 billion user connections to malicious domains, focus on protecting national security systems, offer no-cost cybersecurity services to DoD contractors, release six security products, improve vulnerability scanning, promote AI security, and maintain its commitment to privacy and … Read more