News

05 malware
Salesforce

AWS

Trellix, Netskope announce new Amazon Security Lake support to enhance threat detection, remediation

Trellix expands XDR support for Amazon Security Lake while Netskope integrates its SSE platform with AWS’ centralized security data service.

seagatebarracuda

Barracuda patches zero-day vulnerability exploited since October

The vulnerability stemmed from incomplete input validation of user-supplied .tar files as it pertains to the names of the files contained within the archive.

fishing phishing survival competition different point of view

Phishing remained the top identity abuser in 2022: IDSA report

The survey revealed phishing as the most common identity-related incident in 2022, with “emails” as the most popular type.

Multifactor authentication  >  Mobile phone verification of a permission request for laptop login.

Frontegg launches entitlements engine to streamline access authorization

Frontegg’s new entitlement engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls.

Can your employer spy on your iPhone or Android phone?

Screen recording Android app found to be spying on users

iRecorder was a legitimate app made available on Google Play Store in September 2021. A remote access trojan AhRat was most likely added to it a year later.

12 ransomware

Hackers hold city of Augusta hostage in a ransomware attack

The ransomware group has released 10GB of sample data from the cyberattack on the US city of Augusta and claimed they have a lot more data available.

A hook is cast at laptop email with fishing lures amid abstract data.

New phishing technique poses as a browser-based file archiver

The new technique has a hacker simulate an archiving app in the web browser to trick victims as they try to access a .zip domain.

Electricity grid

Researchers find new ICS malware toolkit designed to cause electric power outages

Mandiant recommends threat-hunting steps to detect COSMICENERGY despite no confirmed attacks in the wild.

Conceptual image of a network of executives / silhouettes of executives in motion.

New CISO appointments, February 2023

Keep up with news of CSO, CISO, and other senior security executive appointments.

VMware: Why CISOs Are Looking to Lateral Security to Mitigate Ransomware

How to check for new exploits in real time? VulnCheck has an answer

VulnCheck’s new database tracks exploits for fresh vulnerabilities in real time and allows for search using CVE IDs.

Person holding phone near a laptop while getting two-factor authentication info

Inactive accounts pose significant account takeover security risks

Inactive accounts that haven’t been accessed for extended periods are more likely to be compromised due to password reuse and lack of multifactor authentication.

A laptop displays binary code and the flag of China.

Microsoft links attacks on American critical infrastructure systems to China

The Chinese nation-state actor has been actively conducting espionage and information-gathering attacks on American systems since mid-2021.

fighter hacker skull and crossbone skeleton scary mask sebastiaan stam 573834 unsplash

SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups

Research shows a shift toward advanced persistent threat actors compromising smaller organization, in part to enable other attacks.

fishing phishing survival competition different point of view

New hyperactive phishing campaign uses SuperMailer templates: Report

Network security firm Cofense was able to identify a code trace in phishing emails that revealed SuperMailer abuse in the attacks.

north korea statue pyongyang

US sanctions four North Korean entities for global cyberattacks

North Korean hackers stole more virtual currency in 2022 than in any previous year, with estimates ranging from $630 million to over $1 billion — reportedly doubling Pyongyang’s total cybertheft proceeds in 2021.

searching, search bar

CyberArk’s enterprise browser promises zero-trust support, policy management

The identity security vendor is set to launch an enterprise browser in response to increasing post-MFA attacks on session cookies.

cyber attack alarm alert

Credential harvesting tool Legion targets additional cloud services

Threat actors now use Legion to steal AWS-specific credentials from web servers to enable email and SMS spam campaigns.

cybersecurity eye with binary face recognition abstract eye

Axiado releases new security processors for servers and network appliances

The new TCUs released by Axiado are built within a single SoC, with AI as added layer of security.

Load More