Prioritizing patching: A deep dive into frameworks and tools – Part 2: Alternative frameworks
In the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSS
In the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSS
Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threamoret groups may have pulled off illicit money-making scams that predate the use of IT workers, SecureWorks Counter Threat Unit (CTU) said in a report shared…
Cyber threat intelligence can inform decisions but is a complex issue. Where it is complete and accurate it is a huge boon. The post Cyber Insights 2025: Cyber Threat Intelligence appeared first on SecurityWeek.
Fortinet patches critical vulnerabilities, including a zero-day that has been exploited in the wild since at least November 2024. The post Fortinet Confirms New Zero-Day Exploitation appeared first on SecurityWeek.
Patch Tuesday: Microsoft has rushed out fixes for a trio of already-exploited zero-day vulnerabilities in the Windows Hyper-V platform. The post Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days appeared first on SecurityWeek.
The FCC adopts declaratory ruling requiring telecommunications providers to secure their networks against nation-states and other threats. The post FCC Taking Action in Response to China’s Telecoms Hacking appeared first on SecurityWeek.
Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. “The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes,” cybersecurity firm