Early Warning: What’s new, and what’s in it for you

Free service helps thousands of organisations spot suspicious activity on their networks and a new...

MyDeal data breach impacts 2.2 million people

The online retailer’s data systems were accessed by an unauthorized third party...

Сryptocurrency and Ransomware — The Ultimate Friendship

Both cryptocurrency and ransomware are nothing new in the digital world; both have been there...

Spotlight: After 50 Years, a Look Back at NIST Cybersecurity Milestones

That’s five decades of conducting research and developing guidance....

Chinese ‘Spyder Loader’ Malware Spotted Targeting Organizations in Hong Kong

The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong...

1 Comment

European Police Arrest a Gang That Hacked Wireless Key Fobs to Steal Cars

Law enforcement authorities in France, in collaboration with Spain and Latvia, have disrupted a cybercrime...

1 Comment

Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software

HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update...

Black Basta Ransomware Hackers Infiltrates Networks via Qakbot to Deploy Brute Ratel C4

The threat actors behind the Black Basta ransomware family have been observed using the Qakbot trojan to deploy...

Open for Public Comment: Draft NIST IR 8406, Cybersecurity for the Liquefied Natural Gas Industry: A Cybersecurity Framework Profile

The National Cybersecurity Center of Excellence (NCCoE) has published for comment a draft NIST Interagency...

CMVP Security Policy Requirements: NIST SP 800-140B Rev. 1 (Second Public Draft) Available for Public Comment

The second public draft of NIST Special Publication (SP) 800-140Br1 (Revision 1), CMVP Security Policy...

Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages

New research has disclosed what’s being called a security vulnerability in Microsoft 365 that could...

Why Crypto Winter is No Excuse to Let Your Cyber Defenses Falter

Don’t let the ongoing “crypto winter” lull you into a false sense of cybersecurity. Even...

New Prestige Ransomware Targeting Polish and Ukrainian Organizations

A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on...

1 Comment

Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite

Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that...

INTERPOL-led Operation Takes Down ‘Black Axe’ Cyber Crime Organization

The International Criminal Police Organization, also called the Interpol, has announced the arrests of 75...

Indian Energy Company Tata Power’s IT Infrastructure Hit By Cyber Attack

Tata Power Company Limited, India’s largest integrated power company, on Friday confirmed it was targeted...

Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month

Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS)...

SHEIN fined US$1.9mn over data breach affecting 39 million customers

The fast fashion brand failed to disclose a data breach in 2018 that saw hackers...

New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos

Telecommunications and IT service providers in the Middle East and Asia are being targeted by...

New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts

A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed...

How To Build a Career as a Freelance Cybersecurity Analyst — From Scratch

With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity...

Mirai Botnet Hits Wynncraft Minecraft Server with 2.5 Tbps DDoS Attack

Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps...

PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks

A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security...

Threat Report 14th October 2022

The NCSC’s threat report is drawn from recent open source reporting....

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild...

NIST Releases 2021 Cybersecurity and Privacy Program Annual Report

NIST Special Publication (SP) 800-220, 2021 Cybersecurity and Privacy Program Annual Report, was recently published—which...

New Timing Attack Against NPM Registry API Could Expose Private Packages

A novel timing attack discovered against the npm’s registry API can be exploited to potentially...

Does the OWASP Top 10 Still Matter?

What is the OWASP Top 10, and – just as important – what is it...

IOTW: Toyota admits to data breach after access key is posted on GitHub

Toyota source code was posted on GitHub, allowing unauthorized access to over 296,000 customer’s details...

Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization

An advanced persistent threat (APT) actor known as Budworm targeted a U.S.-based entity for the first time...