Tag Archives: it security

How To Build a Career as a Freelance Cybersecurity Analyst — From Scratch

With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity...

14
Oct
Mirai Botnet Hits Wynncraft Minecraft Server with 2.5 Tbps DDoS Attack

Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps...

14
Oct
PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks

A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security...

14
Oct
Threat Report 14th October 2022
October 13, 2022

The NCSC’s threat report is drawn from recent open source reporting....

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild...

13
Oct
New Timing Attack Against NPM Registry API Could Expose Private Packages

A novel timing attack discovered against the npm’s registry API can be exploited to potentially...

13
Oct
NIST Releases 2021 Cybersecurity and Privacy Program Annual Report
October 13, 2022

NIST Special Publication (SP) 800-220, 2021 Cybersecurity and Privacy Program Annual Report, was recently published—which...

Does the OWASP Top 10 Still Matter?

What is the OWASP Top 10, and – just as important – what is it...

13
Oct
IOTW: Toyota admits to data breach after access key is posted on GitHub
October 13, 2022

Toyota source code was posted on GitHub, allowing unauthorized access to over 296,000 customer’s details...

Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization

An advanced persistent threat (APT) actor known as Budworm targeted a U.S.-based entity for the first time...

13
Oct
Modified WhatsApp App Caught Infecting Android Devices with Malware

An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying...

13
Oct
Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers

A threat actor tracked as Polonium has been linked to over a dozen highly targeted...

13
Oct
Nine months on from the Cyber Essentials update – debunking some myths
October 12, 2022

Anne W takes stock of where we are following the changes to Cyber Essentials in...

Hackers Using Vishing to Trick Victims into Installing Android Banking Malware

Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android...

12
Oct
Scribe Platform: End-to-end Software Supply Chain Security

As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams...

12
Oct
Google Rolling Out Passkey Passwordless Login Support to Android and Chrome

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both...

12
Oct
64,000 Additional Patients Impacted by Omnicell Data Breach – What is Your Data Breach Action Plan?

In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has...

12
Oct
Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the...

12
Oct
Over 1.2 million credit card numbers leaked on hacking forum
October 12, 2022

The free release contains credit card numbers, along with personal details of credit card holders...

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs

Microsoft’s Patch Tuesday update for the month of October has addressed a total of 85 security...

12
Oct
Supply chain cyber security: new guidance from the NCSC
October 11, 2022

Guidance describes practical steps to help organisations assess cyber security in their supply chains....

BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics

The operators behind the BazaCall call back phishing method have continued to evolve with updated...

11
Oct
Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a...

11
Oct
The Latest Funding News and What it Means for Cyber Security in 2023

The White House has recently announced a $1 billion cyber security grant program that is...

11
Oct
Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their...

11
Oct
Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug

Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and...

11
Oct
Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky

A new piece of research has detailed the increasingly sophisticated nature of the malware toolset...

10
Oct
New Report Uncovers Emotet’s Delivery and Evasion Techniques Used in Recent Attacks

Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control...

10
Oct
Intel Confirms Leak of Alder Lake BIOS Source Code

Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has...

10
Oct
Hackers Steal $100 Million Cryptocurrency from Binance Bridge

BNB Chain, a blockchain linked to the Binance cryptocurrency exchange, disclosed an exploit on a...

10
Oct