Chris Inglis, a former NSA deputy director, is being nominated as the government’s first national cyber director. Jen Easterly, a former deputy for counterterrorism at the NSA, has been tapped to run the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security. The appointments come as the Biden administration grapples with the aftermath…

The number of data breaches has skyrocketed during the ongoing health crisis, as hackers have taken full advantage of these uncertain times. According to the FBI’s 2020 Internet Crime Report, complaints soared by 69.4% in the last year. Unfortunately, media coverage of mega breaches (e.g., SolarWinds, Capital One) often puts a spotlight on the tail…

Gen. Paul Nakasone, in prepared remarks to the Senate Armed Services Committee, did not describe those operations, so it was not immediately clear whether these were efforts strictly at defending the United States against intrusions or offensive measures to shut down intruders. He said his command’s operations were designed “to get ahead of foreign threats…

Serving articles about the Perl programming language since 1997 and managed by The Perl Foundation, the domain started pointing to a parked site at the end of January, with evidence suggesting connections to sites distributing malware. The issue, some of those involved with maintaining the site said at the time, was related to an account…

On Dec. 4, users of a simple Android program — a barcode scanner — started witnessing odd behavior when their smartphones suddenly began opening up their browser to display unwanted advertisements. While the devices exhibited the hallmarks of a malware or adware infection, the compromises puzzled most users since they had not recently downloaded new…

The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server. While in most cases an attacker would need to have access to the targeted organization’s network in…

At the recent SANS Cyber Threat Intelligence Summit, two CrowdStrike cybersecurity leads, Senior Security Researcher Sergei Frankoff and Senior Intelligence Analyst Eric Loui, offered details on an emerging major ransomware actor they call Sprite Spider. Like many other ransomware attackers, the gang behind Sprite Spider’s attacks has grown rapidly in sophistication and damage capacity since…

A researcher at Austria-based cybersecurity consultancy SEC Consult discovered five types of vulnerabilities in Pepperl+Fuchs Comtrol industrial products, including cross-site request forgery (CSRF), reflected cross-site scripting (XSS), blind command injection, and denial-of-service (DoS) issues. The impacted products were found to leverage outdated versions of third-party components that were known to have vulnerabilities, including PHP, OpenSSL,…