#Web Security

No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.

The bold move signals a looming clash between Russian ransomware groups and the U.S.

An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware.

An SQL-injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware.

The Nobelium group, linked to Russia's spy agency, is looking to use resellers as a path to infiltrate their valuable downstream customers - and it's working.

The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central.

The infamous Carbanak operator is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure "pen-testing" company.

A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.

The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.

The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs--across its network of 150 million users, putting corporate workplaces at risk.