Tag: Cybersecurity

September 25, 2023

Changing approaches to cybersecurity have led to slow but steady progress in defense and protection. Still, competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to CompTIA. The state of cybersecurity Most business and technology professionals […]

September 22, 2023

57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) apps facing the highest risk, according to Digital.ai. The study found no correlation between an app’s popularity and likelihood of being attacked but found Android apps […]

September 21, 2023

Cisco is making its most expensive acquisition ever – by far – with an announcement it’s buying data crunching software firm Splunk for $157 per share, or approximately $28 billion (£22.8b). The transaction, which Cisco said it expects to close […]

September 20, 2023

The International Criminal Court said crooks breached its IT systems last week, and that attack isn’t over yet, with the ICC saying the “cybersecurity incident” is still ongoing. In a statement shared via the site formerly known as Twitter, the […]

September 19, 2023

The Clorox Company, makers of bleach and other household cleaning products, doesn’t expect operations to return to normal until near month end as it combs over “widescale disruption to operations” caused by cyber baddies. The $2 billion turnover biz, whose […]

September 19, 2023

Cybersecurity researchers from Sysdig recently uncovered a new cryptojacking campaign that targeted uncommon Amazon Web Services (AWS) services. Cryptojacking is a type of cyberattack in which the threat actor secretly installs a cryptocurrency miner on a target endpoint. While not […]

September 18, 2023

Last October, Pennsylvania State University (Penn State) was sued by a former chief information officer for allegedly falsifying government security compliance reports. The lawsuit, recently unsealed, is a qui tam complaint (in Latin “who as well,”) meaning it was filed […]

September 18, 2023

The U.S. Internal Revenue Service (IRS) is entrusted with the vital responsibility of safeguarding sensitive taxpayer information. Recent incidents of potential unauthorized access to or disclosure of this data have raised concerns and prompted a thorough review by the Government […]

September 18, 2023

Of all the vulnerabilities an organization’s system has, the majority sit within its cloud environment, a new report from cybersecurity researchers Unit 42, part of Palo Alto Networks, has found. As per the report, four in five (80%) of all […]

September 12, 2023

Netskope has unveiled that its existing strategic alliance with Deloitte has expanded with the addition of Netskope to the Managed Extended Detection and Response (MXDR) by Deloitte platform. The new Netskope module on MXDR by Deloitte will include advanced cloud […]

September 8, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced […]

September 7, 2023

By the end of 2024, the number of MSPs and MSSPs offering vCISO services is expected to grow by almost 5 fold, as can be seen in figure 1. This incredible surge reflects the growing business demand for specialized cybersecurity […]

September 5, 2023

The North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in the southern counterpart. “One characteristic of the attacks identified in 2023 is that there […]

August 31, 2023

As with every other industry, the automotive sector has seen a massive uptick in cyberthreats since its digital transformation started to pick up pace. The incorporation of Internet of Things (IoT) devices, infotainment systems, autonomous driving, and other connected technologies […]

August 29, 2023

Ask any security professional and they’ll tell you that remediating risks from various siloed security scanning tools requires a tedious and labor-intensive series of steps focused on deduplication, prioritization, and routing of issues to an appropriate “fixer” somewhere in the […]

August 28, 2023

Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. “An attacker could leverage this abandoned URL to redirect authorization codes to […]

August 24, 2023

Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the vulnerability relates to a path traversal […]

August 23, 2023

A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally. “It probably finds its way into victim organizations by its operators compromising vulnerable web servers […]

August 23, 2023

Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security’s p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential […]

August 22, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to […]