All active GitHub users who contribute code will be required to enable at least one form of two-factor authentication by the end of 2023.

But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.

More than $43 billion has been lost through Business Email Compromise and Email Account Compromise scams since 2016, according to data.

CISA added 41 vulnerabilities to its catalog of known exploited bugs this week.

Github said that all users who upload code to the site will need to enable one or more forms of 2FA by the end of 2023.

The FBI has disclosed that more than $43 billion has been lost from BEC attacks between June 2016 and December 2021.

Cisco released its Cloud Controls Framework (CCF).

Alexa Ranking Service Shutdown To Impact Cybersecurity.

CREST Partners with Immersive Labs to Offer Course Focused on Incident Response.

IBM has been warning about the cybersecurity skills gap for several years now and has recently released a report on the lack of AI skills.

The Federal Bureau of Investigation says BEC and email account compromise (EAC) losses have surpassed $43 billion.

The decision to kill off the popular web traffic analysis and website ranking service does have some impact on the cybersecurity industry.

The FBI said that the amount of money lost to business email compromise (BEC) scams continue to grow each year.

COBALT MIRAGE Conducts Ransomware Operations in US.

FBI Says Business Email Compromise Attacks Have Cost Over $43 Billion Since 2016.

The amount of money lost to business email compromise scams continues to grow each year, with a 65% increase.

All developers contributing code on GitHub will be required to enable at least one form of two-factor authentication by the end of the year.

The number of bug bounty programs offered by enterprises and government agencies continues to expand.

The Iran-linked Cobalt Mirage crew is running attacks against America for both financial gain and for cyber-espionage purposes.

The Federal Bureau of Investigation (FBI) reported losses from business email compromise (BEC) attacks increased by 65%.

Even shutting down your iPhone might not keep it safe from hackers, but experts say most people don’t have much to worry about.

Since Emotet is spread primarily through malicious email files or links, companies should reinforce security best practices.

The final public draft puts a renewed focus on the design principles and concepts for engineering trustworthy secure systems.

For years, cybersecurity appeared largely immune from the ups and downs of the tech job market.

Artificial intelligence (A.I.) isn’t quite ready to take over the world, but it’s moving a step closer.

Microsoft products provide “an attractive attack surface, as employees are constantly working with various documents.

Microsoft Office products present threat actors with an attractive attack surface as employees are constantly working with various documents

Overall, cloud infrastructures are more resilient to ransomware attacks.

Microsoft’s new patch for Follina prevents code injection. However, the exploit code will still launch msdt.exe.

Push Fatigue is when a user is consistently spammed with push notifications from an MFA service.

The way we try to certify supply chain partners today just doesn’t work.

The recent zero-day demonstrates the large attack surface in Office and the need to harden properly.

The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.

US government warns healthcare and public-health organizations to expect continued attacks involving the manually operated “Maui” ransomware

The latest criminal use of a legitimate red-teaming tool helps attackers stay under the radar and better access living-off-the-land binaries

Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware’s bare-metal hypervisor tech.

Microsoft and others say they have observed nation-state actors, ransomware purveyors, and assorted cybercriminals pivoting.

A report from consulting firm Accenture finds survey respondents reported an average of 270 separate attacks on their infrastructure in 2021

Organizations need to assume a breach has already happened.

The United States has doubled the available reward for useful information on North Korea state-sponsored attacks on U.S. organizations

CCPA imposed its first fine and charged Sephora $1.2m for failing to inform customers.

Organizations should look to upskilling young cybersecurity workers as an employee retention strategy