By now, as the end of the first quarter of the 21st century draws near, everyone is surely aware that user passwords are digital gold, and that protecting them is a key aspect of ensuring data security and privacy. Yet despite this, not all companies store passwords properly even now. In this post we look at how NOT to store user passwords, and what methods are used by services that take security seriously.

The wrong way: storing passwords in plaintext

The simplest method is to store passwords in an unencrypted database. When a user tries to sign in, authentication is just a matter of matching what they enter against what's in the database. But there's always a risk that attackers might steal this database one way or another — for example, by exploiting vulnerabilities in the database software. Or a password table might get stolen by an ill-intentioned employee with high access privileges. Leaked or intercepted employee credentials could also be used to steal passwords. Put simply, there are plenty of scenarios where things can go pear-shaped. Remember: data stored in open form is precisely that — open.

A slightly better way: encrypted passwords

What if you store passwords in encrypted form? Not a bad idea at first glance, but it doesn't work well in practice. After all, if you store encrypted passwords in the database, they have to be decrypted every single time to compare them with user input. And that means the encryption key will be somewhere close by. If that's the case, this key can easily fall into hackers' hands along with the password database. So, that defeats the whole purpose: the cybercriminals will be able to quickly decrypt this database and get passwords in plaintext, so we end up back where we started. As cryptographers jest in all seriousness, encryption doesn't solve the problem of data privacy — it just turns it into the problem of secure key storage. You can come up with cunning schemes that may reduce the risks, but in general it won't be possible to reliably secure passwords this way.

The proper way: storing password hashes

The best method is not to store passwords at all. If you don't have something, it can't get stolen, right? But how do you check whether a signing-in user has entered the correct password? That's where hash functions come into play: special cryptographic algorithms that scramble any data into a fixed-length string of bits in a predictable but irreversible way. Predictable here means that the same data is always converted into the same hash. Irreversible means that it's impossible to recover the hashed data from the hash. That's what any online service does if it cares about user data even a tiny bit and values its reputation. When a user creates a password during registration, it's not the password itself but its hash that is stored in the database along with the username. Then, during sign-in, this hash is compared against the hash of the password entered by the user. If they match, the passwords are the same. In the event of a database leak, it's not the passwords that the attackers get hold of, but their hashes, from which the original data cannot be recovered (irreversibility, remember?). Of course, this is a vast improvement security-wise, but it's still too soon to rejoice: if the cybercriminals get their hands on the hashes, they might attempt a brute-force attack.

The even better way: salted hashes

After obtaining your database, the hackers might try to extract the passwords through brute force. This means taking a combination of characters, calculating its hash, and looking for matches across all entries in the database. If no matches are found, they'll try another combination, and so on. If there's a match, the password that was used to calculate the hash in the database is now known. Worse still, the process of cracking hashed passwords can be sped up considerably by means of so-called rainbow tables. Rainbow tables are huge data arrays of precalculated hashes for the most frequently encountered passwords. As such, they make it easy to search for matches in the stolen database. And it's all done automatically, of course, so the password-cracking process becomes too quick for comfort.

However, there is some good news: it's impossible to calculate the hashes of all possible character combinations in advance — a complete rainbow table for any hashing algorithm would take up more disk space than there is on the planet. Even for the not-overly-reliable MD5 algorithm, such a hypothetical table would contain (deep breath) 340 282 366 920 938 463 463 374 607 431 768 211 456 records. Which is why only the most common combinations get included in rainbow tables.

To combat the use of rainbow tables, cryptographers came up with a solution that uses another important property of hash functions: even the tiniest change in the source text alters the hashing result beyond all recognition. Before a password hash is computed and written to the database, a random set of characters (called a salt) is added to the password. This way, the hashes in the database are modified to the extent that even the most basic, obvious and frequently used passwords like 12345678 and password cannot be brute-forced with rainbow tables. The simplest variant uses the same salt for all passwords, but the most hack-resistant one creates a separate salt for each individual record. The beauty of this approach is that salts can be stored in the same database with no additional risk: knowing the salt does not make the attacker's task much easier. To crack the hashes, they will still have to apply pure brute force — go through every single combination.

The more online services adopt this non-storage of passwords method, the less likely a mass theft of user credentials (and the subsequent trouble associated with account hacking) will occur.
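The per-record salted scheme described above, as an added example that is not part of the original post: each registration draws a fresh random salt, only the salt and the hash are stored, and sign-in recomputes the hash with the stored salt and compares it in constant time. It goes slightly beyond the text by using PBKDF2-HMAC-SHA256 rather than a plain hash; the iteration count, user names and passwords are constructed values, not ones the article gives.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed example (not from the original article). PBKDF2-HMAC-SHA256 is
# the chosen hash; the iteration count is an assumed value, not one the text gives.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). With no salt given, a fresh random one is drawn per record."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_hash: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_hash)


# In-memory stand-in for the user table: username -> (salt, hash).
# The salt sits next to the hash, as the article says it safely can.
USERS: Dict[str, Tuple[bytes, bytes]] = {}


def register(username: str, password: str) -> None:
    USERS[username] = hash_password(password)


def login(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        hash_password(password)  # spend the same work so unknown users are not faster to probe
        return False
    salt, stored = record
    return verify_password(password, salt, stored)


def same_password_different_hashes(password: str) -> bool:
    """Two records with the same password get different hashes, so one
    precomputed table cannot match both: the point of per-record salts."""
    _, h1 = hash_password(password)
    _, h2 = hash_password(password)
    return h1 != h2


if __name__ == "__main__":
    register("alice", "password")
    register("bob", "password")
    print(USERS["alice"][1] != USERS["bob"][1])  # True: same password, different stored hashes
    print(login("alice", "password"), login("alice", "Password"))  # True False
```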
Responsible disclosure must strike a balance between the immediate need to protect users and the broader security implications for the entire community.
Ransomware-as-a-service affiliate ShadowSyndicate is unusual for the size of its malicious infrastructure and the fact that it's distributing seven different ransomware strains.
Metasploit creator's shift into enterprise asset discovery and passive scanning with startup runZero is a natural evolution of his exploratory cyber career.
Proactive Security holds the elusive promise of helping enterprises finally get ahead of threats, but CISOs must come to grips with the technological and philosophical change that it brings.
The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and has been addressed in TeamCity version 2023.05.4 following responsible disclosure on September 6, 2023.
A new gang on the dark web, known as Ransomed.vc, claims to have breached all of Sony's systems in a ransomware attack. The hackers allegedly uncovered screenshots, internal documents, and thousands of files, some of which are in Japanese.
The latest release includes various updates such as support for IDA Pro 8.3, improvements in handling functions without names, and faster Abseil maps in the differ engine. BinDiff is available for download on GitHub.
The company has engaged cybersecurity experts and law enforcement to investigate the incident and is taking steps to notify affected individuals and regulatory authorities.
According to SpyCloud, info-stealer malware, such as Raccoon, Vidar, and Redline, is a common precursor to ransomware attacks, with 76% of infections involving Raccoon info-stealer malware.
ZenRAT is a new malware targeting Windows users and being distributed via fake Bitwarden installation packages. The malware redirects non-Windows users to a benign webpage while stealing information from Windows users.
Organizations must find a balance between excessive cybersecurity measures that hinder progress and relaxed measures that can lead to serious incidents with potentially greater negative impacts.
Cybersecurity teams must prioritize developing their defense skills to effectively identify and stop potential cyberattacks, as automated technologies cannot detect every threat.
MGM Resorts is facing class action litigation in two separate lawsuits filed in U.S. District Court in Nevada in connection with the cyberattack launched against the company earlier this month.
Security firm Emsisoft on Friday estimated that at least 2,054 organizations have been affected by the MOVEit software attacks. That's a sharp rise from one week ago when its count of affected organizations stood at about 1,190.
Through the acquisition, Stratascale professionals and their customers gain visibility of attack vectors and points of vulnerability, enhancing Stratascale’s ability to deliver proactive cybersecurity services.
ShadowSyndicate is believed to be an initial access broker (IAB) or an affiliate working with multiple ransomware operations, including Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, Cactus, and Play, based on evidence found by researchers.
The Royal ransomware group infiltrated Dallas' systems, surveilled and exfiltrated data for a month before launching a ransomware attack, causing widespread disruption to critical city services.
SentinelOne found the Sandman APT group targeting telecommunications companies in the Middle East, Western Europe, and South Asia using a novel backdoor called LuaDream. The researchers noted that the campaign began in August and demonstrates advanced tactics. With this, the Middle East is once again under cyberespionage scrutiny.
The cost of insider risks for organizations is at an all-time high, with the average annual cost reaching $16.2 million, a 40% increase in four years, according to DTEX Systems.
Social engineering attacks mounted by the adversary make use of Microsoft CHM file lures to drop a custom variant of an open-source Visual Basic Script backdoor called ReVBShell, which subsequently serves to deploy the Bisonal remote access trojan.
The ALPHV ransomware group, also known as the BlackCat hacker collective, has recently targeted three new victims in their cyberattacks. The group has demonstrated adaptability and employed advanced technical methods in their attacks.
"Smishing Triad" is leveraging compromised Apple iCloud accounts and illegally obtained databases containing personally identifiable information (PII) to carry out their attacks.
The stolen data includes names, addresses, health card numbers, and clinical information related to fertility, pregnancy, newborn, and child healthcare, with potential impacts on individuals from January 2010 to May 2023.
The flaw, CVE-2023-32315, allows attackers to bypass authentication and create new admin accounts, enabling them to install malicious Java plugins and execute arbitrary code on compromised servers.
The attack started on September 18, and officials immediately took steps to isolate and shut down affected systems. The Ministry of Finance assured that payment and payroll systems were on a separate network and that workers would be paid.
Debian Linux Security Advisory 5505-1 - Matteo Memelli reported an out-of-bounds read flaw when parsing CDP addresses in lldpd, an implementation of the IEEE 802.1ab (LLDP) protocol. A remote attacker can take advantage of this flaw to cause a denial of service via a specially crafted CDP PDU packet.
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
WatchGuard Firebox Web Update Unpacker is a small utility for extracting file system images from sysa-dl update files. The unpacker has been tested on firmware for the M400 and M500 series.
A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and has been addressed in TeamCity version 2023.05.4 following responsible disclosure on September 6,
A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations. Recorded Future's Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked to "Chinese military intelligence and poses a significant threat to academic, aerospace and defense, government,
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance. What is cybersecurity compliance?
An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android apps that target a broader list of apps than its predecessors. Some of the other targeted prominent
How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your organization’s threat response Summary of Findings The Network Effect Threat Report offers insights based on unique data from Fastly’s Next-Gen WAF from Q2 2023 (April 1, 2023 to June 30, 2023). This report
Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step. Based on FIDO standards, Passkeys were first announced in May
Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs," Group-IB and Bridewell said in a new joint report. The actor, active since
The founder of a news outlet outlawed in Russia for its independent reporting and stance on the war in Ukraine, believes that a country in the European Union was behind the hacking of her iPhone with military-grade spyware. Read more in my article on the Hot for Security blog.
Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security?