September 25, 2023
Via: Help Net SecurityChanging approaches to cybersecurity have led to slow but steady progress in defense and protection. Still, competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to CompTIA. The state of cybersecurity Most business and technology professionals […]
September 22, 2023
Via: Help Net Security57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) apps facing the highest risk, according to Digital.ai. The study found no correlation between an app’s popularity and likelihood of being attacked but found Android apps […]
September 21, 2023
Via: The RegisterCisco is making its most expensive acquisition ever – by far – with an announcement it’s buying data crunching software firm Splunk for $157 per share, or approximately $28 billion (£22.8b). The transaction, which Cisco said it expects to close […]
September 20, 2023
Via: The RegisterThe International Criminal Court said crooks breached its IT systems last week, and that attack isn’t over yet, with the ICC saying the “cybersecurity incident” is still ongoing. In a statement shared via the site formerly known as Twitter, the […]
September 19, 2023
Via: The RegisterThe Clorox Company, makers of bleach and other household cleaning products, doesn’t expect operations to return to normal until near month end as it combs over “widescale disruption to operations” caused by cyber baddies. The $2 billion turnover biz, whose […]
Threats & Malware, Virus & Malware
September 19, 2023
Via: TechRadarCybersecurity researchers from Sysdig recently uncovered a new cryptojacking campaign that targeted uncommon Amazon Web Services (AWS) services. Cryptojacking is a type of cyberattack in which the threat actor secretly installs a cryptocurrency miner on a target endpoint. While not […]
September 18, 2023
Via: The RegisterLast October, Pennsylvania State University (Penn State) was sued by a former chief information officer for allegedly falsifying government security compliance reports. The lawsuit, recently unsealed, is a qui tam complaint (in Latin “who as well,”) meaning it was filed […]
September 18, 2023
Via: SecureWorldThe U.S. Internal Revenue Service (IRS) is entrusted with the vital responsibility of safeguarding sensitive taxpayer information. Recent incidents of potential unauthorized access to or disclosure of this data have raised concerns and prompted a thorough review by the Government […]
September 18, 2023
Via: TechRadarOf all the vulnerabilities an organization’s system has, the majority sit within its cloud environment, a new report from cybersecurity researchers Unit 42, part of Palo Alto Networks, has found. As per the report, four in five (80%) of all […]
September 12, 2023
Via: Help Net SecurityNetskope has unveiled that its existing strategic alliance with Deloitte has expanded with the addition of Netskope to the Managed Extended Detection and Response (MXDR) by Deloitte platform. The new Netskope module on MXDR by Deloitte will include advanced cloud […]
Threats & Malware, Vulnerabilities
September 8, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]
September 7, 2023
Via: The Hacker NewsBy the end of 2024, the number of MSPs and MSSPs offering vCISO services is expected to grow by almost 5 fold, as can be seen in figure 1. This incredible surge reflects the growing business demand for specialized cybersecurity […]
Threats & Malware, Virus & Malware
September 5, 2023
Via: The Hacker NewsThe North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in the southern counterpart. “One characteristic of the attacks identified in 2023 is that there […]
August 31, 2023
Via: Rassell NealAs with every other industry, the automotive sector has seen a massive uptick in cyberthreats since its digital transformation started to pick up pace. The incorporation of Internet of Things (IoT) devices, infotainment systems, autonomous driving, and other connected technologies […]
August 29, 2023
Via: The Hacker NewsAsk any security professional and they’ll tell you that remediating risks from various siloed security scanning tools requires a tedious and labor-intensive series of steps focused on deduplication, prioritization, and routing of issues to an appropriate “fixer” somewhere in the […]
Threats & Malware, Vulnerabilities
August 28, 2023
Via: The Hacker NewsCybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. “An attacker could leverage this abandoned URL to redirect authorization codes to […]
Threats & Malware, Vulnerabilities
August 24, 2023
Via: The Hacker NewsThousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the vulnerability relates to a path traversal […]
Threats & Malware, Virus & Malware
August 23, 2023
Via: The Hacker NewsA malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally. “It probably finds its way into victim organizations by its operators compromising vulnerable web servers […]
Threats & Malware, Vulnerabilities
August 23, 2023
Via: The Hacker NewsDevelopers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security’s p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential […]
Threats & Malware, Vulnerabilities
August 22, 2023
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to […]