DoJ Won’t Charge ‘Good Faith’ Security Researchers
Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.
Majority of Kubernetes API Servers Exposed to the Public Internet
Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.
6 Scary Tactics Used in Mobile App Attacks
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
Latest episode - listen now!
Phishing Attacks for Initial Access Surged 54% in Q1
For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.
MITRE Creates Framework for Supply Chain Security
System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.
CISA to Federal Agencies: Patch VMware Products Now or Take Them Offline
Last month attackers quickly reverse-engineered VMware patches to launch RCE attacks. CISA warns it's going to happen again.
How Pwn2Own Made Bug Hunting a Real Sport
From a scrappy contest where hackers tried to win laptops, Pwn2Own has grown into a premier event that has helped normalize bug hunting.
CISA: Unpatched F5 BIG-IP Devices Under Active Attack
Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.
The Industry Must Better Secure Open Source Code From Threat Actors
Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.