Category: Network security

July 18, 2023

Stolen ChatGPT credentials flood dark web markets# Over the past year, 100,000 stolen credentials for ChatGPT were advertised on underground sites, being sold for as little as $5 on dark web marketplaces in addition to being offered for free. Stolen […]

July 13, 2023

SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor […]

July 11, 2023

What is the MITRE ATT&CK Framework?# MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures (TTPs) used in cyberattacks. Created by the nonprofit organization […]

July 10, 2023

Generative AI is everywhere these days – in the media, at the RSA conference, in vendor announcements. It seems like everyone associated with the supply side of cybersecurity is talking about generative AI, but not the demand side. Cybersecurity pros […]

July 3, 2023

Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can […]

June 30, 2023

Clickjacking can be described as a dangerous form of online hide-and-seek. Hackers hide malicious links behind recognizable or appealing webpages and wait for users to unintentionally seek them out. Unlike the childhood version of hide-and-seek, the seeker in these UI […]

June 28, 2023

For too long the cybersecurity world focused exclusively on information technology (IT), leaving operational technology (OT) to fend for itself. Traditionally, few industrial enterprises had dedicated cybersecurity leaders. Any security decisions that arose fell to the plant and factory managers, […]

June 28, 2023

Drones that don’t have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. The research comes from IOActive, which […]

June 26, 2023

Widespread attacks against companies and government agencies through a trio of zero-day vulnerabilities in the MOVEit Managed File Transfer platform has granted notoriety to the Cl0p ransomware group. The list of affected data continues to grow, including personal data on […]

June 22, 2023

A critical security flaw has been disclosed in the WordPress “Abandoned Cart Lite for WooCommerce” plugin that’s installed on more than 30,000 websites. “This vulnerability makes it possible for an attacker to gain access to the accounts of users who […]

June 22, 2023

The world is witnessing an exponential rise in ransomware and data theft employed to extort companies. At the same time, the industry faces numerous critical vulnerabilities in database software and company websites. This evolution paints a dire picture of data […]

June 21, 2023

When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security incidents Increase trust in Vanta’s information security program Reduce the friction caused by information security controls Use security expertise to […]

June 21, 2023

Web3 is just around the corner, paving the way for a new digital future. According to Gartner, 25% of companies will integrate legacy apps and services with decentralized Web3 technologies by 2024. This shift holds immense potential for businesses, but […]

June 20, 2023

Taiwanese company ASUS on Monday released firmware updates to address, among other issues, nine security bugs impacting a wide range of router models. Of the nine security flaws, two are rated Critical and six are rated High in severity. One […]

June 20, 2023

The Quick Serve Restaurant (QSR) industry is built on consistency and shared resources. National chains like McDonald’s and regional ones like Cracker Barrel grow faster by reusing the same business model, decor, and menu, with little change from one location […]

June 16, 2023

The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor’s capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via […]

June 14, 2023

For the better part of the 90s and early aughts, the sysadmin handbook said, “Filter your incoming traffic, not everyone is nice out there” (later coined by Gandalf as “You shall not pass”). So CIOs started to supercharge their network […]

May 31, 2023

Finding threat actors before they find you is key to beefing up your cyber defenses. How to do that efficiently and effectively is no small task – but with a small investment of time, you can master threat hunting and […]

May 26, 2023

5G is a game changer for mobile connectivity, including mobile connectivity to the cloud. The technology provides high speed and low latency when connecting smartphones and IoT devices to cloud infrastructure. 5G networks are a critical part of all infrastructure […]

May 23, 2023

Cyber threats have a long reach. What seems like a low-level cyber incident can have a larger ripple effect, impacting millions of innocent people. A password breach that occurs in a private company, such as Colonial Pipeline, can end up […]