Measuring the Attack/Defense Balance - Schneier on Security
“Who’s winning on the internet, the attackers or the defenders?” I’m asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain’s latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all doing collectively—and not just how an individual network is doing. Healey wrote to me in email: The work rests on three key insights: (1) defenders need a framework (based in threat, vulnerability, and consequence) to categorize the flood of potentially relevant security metrics; (2) trends are what matter, not specifics; and (3) to start, we should avoid getting bogged down in collecting data and just use what’s already being reported by amazing teams at Verizon, Cyentia, Mandiant, IBM, FBI, and so many others...
US Tops Hit List as 396 SharePoint Systems Compromised Globally
A total of 396 compromised Microsoft SharePoint systems have been identified globally, affecting 145 organizations across 41 countries in the wake of the ToolShell zero-day vulnerability
Cobalt Strike Beacon delivered via GitHub and social media
A campaign targeting Russian entities leveraged social media, Microsoft Learn Challenge, Quora, and GitHub as intermediate C2 servers to deliver Cobalt Strike Beacon.
Minnesota governor activates National Guard after cyberattack on state capital
Mayor Melvin Carter said during a press conference on Tuesday that the city is most concerned about the data it holds on government employees, arguing that the city does not carry much information on city residents.
Minnesota activates National Guard after St. Paul cyberattack
Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state's capital, on Friday.
Scattered Spider is targeting victims' Snowflake data storage for quick exfiltration
The latest guidance on Scattered Spider from the FBI and agencies in the U.K., Canada and Australia says the cybercrime group is often looking for Snowflake data storage credentials when it picks a company to attack.
Russian airline Aeroflot grounds dozens of flights after cyberattack
Aeroflot, Russia's flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights.
Palo Alto, Calif., July 29, 2025, CyberNewswire — Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator. The recent Geco Colorpick case exemplifies how these certifications provide nothing more than a false sense
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company.