Blog archive

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

Apple has released yet another round of security patches to address three actively exploited zero-day...

22
Sep
Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents

A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting...

21
Sep
Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge

The peer-to-peer (P2) worm known as P2PInfect has witnessed a surge in activity since late August 2023,...

21
Sep
The Rise of the Malicious App

Security teams are familiar with threats emanating from third-party applications that employees add to improve...

21
Sep
Microsoft SAS misconfiguration causes 38TB data leak
September 21, 2023

The data leaked included Microsoft Teams messages, passwords and private keys...

China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers

China’s Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei’s servers,...

21
Sep
Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

A financially motivated threat actor has been outed as an initial access broker (IAB) that...

21
Sep
Ukrainian Hacker Suspected to be Behind “Free Download Manager” Malware Attack

The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to...

21
Sep
Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with VenomRAT

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability...

21
Sep
Building on our history of cryptographic research
September 20, 2023

The NCSC has published new cryptographic research on robust cryptography – we explain its significance...

Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace

Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that...

20
Sep
Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could...

20
Sep
What’s Wrong With This Picture? NIST Face Analysis Program Helps to Find Answers
September 20, 2023

Two NIST evaluation studies will help software better detect photo spoofs and image quality issues....

Do You Really Trust Your Web Application Supply Chain?

Well, you shouldn’t. It may already be hiding vulnerabilities. It’s the modular nature of modern...

20
Sep
Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys

Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry...

20
Sep
Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT

Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim...

20
Sep
Signal Messenger Introduces PQXDH Quantum-Resistant Encryption

Encrypted messaging app Signal has announced an update to the Signal Protocol to add support...

20
Sep
GitLab Releases Urgent Security Patches for Critical Vulnerability

GitLab has shipped security patches to resolve a critical flaw that allows an attacker to...

20
Sep
Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability

Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex...

20
Sep
ShroudedSnooper’s HTTPSnoop Backdoor Targets Middle East Telecom Companies

Telecommunication service providers in the Middle East are the target of a new intrusion set...

19
Sep
Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

Targets located in Azerbaijan have been singled out as part of a new campaign that’s...

19
Sep
Be Prepared for Cybersecurity Awareness Month

As your alarm goes off you roll over and pick up your phone. Turning the...

19
Sep
Inside the Code of a New XWorm Variant

XWorm is a relatively new representative of the remote access trojan cohort that has already...

19
Sep
Earth Lusca’s New SprySOCKS Linux Backdoor Targets Government Entities

The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen...

19
Sep
Live Webinar: Overcoming Generative AI Data Leakage Risks

As the adoption of generative AI tools, like ChatGPT, continues to surge, so does the...

19
Sep
Over 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability

New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to...

19
Sep
Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware

The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to...

19
Sep
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data

Microsoft on Monday said it took steps to correct a glaring security gaffe that led...

19
Sep
Journey to the NIST Cybersecurity Framework (CSF) 2.0 | Workshop #3
September 19, 2023

The collaborative process to update the NIST Cybersecurity Framework (CSF), toward CSF 2.0 , continues!...

Journey to the NIST Cybersecurity Framework (CSF) 2.0 | Workshop #3
September 19, 2023

The collaborative process to update the NIST Cybersecurity Framework (CSF), toward CSF 2.0, continues! This...