News

fishing phishing survival competition different point of view

New hyperactive phishing campaign uses SuperMailer templates: Report

Network security firm Cofense was able to identify a code trace in phishing emails that revealed SuperMailer abuse in the attacks.

north korea statue pyongyang

US sanctions four North Korean entities for global cyberattacks

North Korean hackers stole more virtual currency in 2022 than in any previous year, with estimates ranging from $630 million to over $1 billion — reportedly doubling Pyongyang’s total cybertheft proceeds in 2021.

searching, search bar

CyberArk’s enterprise browser promises zero-trust support, policy management

The identity security vendor is set to launch an enterprise browser in response to increasing post-MFA attacks on session cookies.

cyber attack alarm alert

Credential harvesting tool Legion targets additional cloud services

Threat actors now use Legion to steal AWS-specific credentials from web servers to enable email and SMS spam campaigns.

cybersecurity eye with binary face recognition abstract eye

Axiado releases new security processors for servers and network appliances

The new TCUs released by Axiado are built within a single SoC, with AI as added layer of security.

enter neon sign do not tresspass privacy authentication access barbed wire by clem onojeghuo unspla

Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security

Teleport 13 features include Transport Layer Security routing and the ability to import applications/groups from Okta and AWS OpenSearch support for secure database access.

EU / European Union / GDPR data privacy protection, regulation, compliance

Meta fined $1.3B for violating EU GDPR data transfer rules on privacy

The Irish Data Protection Commission has levied a record-breaking fine against Facebook's parent company, Meta, for transferring data to the US without data privacy safeguards.

Cybersecurity  >  Email security threats, such as phishing

Microsoft reports jump in business email compromise activity

Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report.

Security threat [illustration]  >  A hacker with black hat, mask, and crowbar breaks into a laptop.

Legitimate looking npm packages found hosting TurkoRat infostealer

The malicious packages have been downloaded hundreds of times, but the long-term impact is unknown.

samsung message

Guerrilla malware is preinfected on 8.9 million Android devices, Trend Micro says

Guerilla malware, distributed by cybercrime gang Lemon Group, can load additional payloads, intercept one-time passwords from SMS texts, set up a reverse proxy from the infected device, and infiltrate WhatsApp sessions.

mentor teach learn coach partner team by rawpixel via unsplash

Accessibility should be a cybersecurity priority, says UK NCSC

Cybersecurity training, controls, and requirements that are inaccessible, especially to those with disabilities, can make businesses less secure and more vulnerable to risky behaviour.

cisco

Critical remote code execution flaws patched in Cisco small business switches

Some of the vulnerabilities could lead to complete compromise of the device as a proof of concept is publicly available.

Wired brain illustration - next step to artificial intelligence

OX Security adds ChatGPT plugin for AppSec

OX-GPT plugin promises natural-language security analysis for application security teams.

Shutterstock

Organizations reporting cyber resilience are hardly resilient: Study

The study commissioned by Immersive Labs finds majority of cyber resilient companies lack tools to assess their resilience.

cloud security ts

Aviatrix is transforming cloud network security with distributed firewalling

The new distributed cloud firewall offering distributes both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls.

Russian flag overlay / mobile phone / wireless signals / data

Russian national indicted for ransomware attacks against the US

Mikhail Pavlovich Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers.

CSO  >  security shield / binary code / handshake / agreement / contract

IBM acquires Polar Security, bolstering data security capabilities

IBM’s purchase of Israel-based application data security startup Polar will see that company’s data security posture management technology integrated into IBM’s Guardium lineup of products.

network wan

Researchers show ways to abuse Microsoft Teams accounts for lateral movement

Attackers have several ways to enable lateral movement within a network via a compromised Teams account.

handsome male executive holding finger up to be quiet keep a secret

Entro exits stealth with context-based secrets management

Entro reveals its first SaaS product to provide a context-based, comprehensive secrets security solution.

Cloud security threats  >  theft / breach / fraud / phishing

Attacker uses the Azure Serial Console to gain access to Microsoft VM

Using the access to virtual machines the attackers employed malicious use of the Serial Console on Azure Virtual Machines to install third-party remote management software within client environments.

Load More