Sysdig Report Exposes 91% Failure in Runtime Scans
A substantial 91% of runtime scans are failing within organizations, signaling a significant reliance on identifying issues rather than preventing...
News
US Senators Propose Cybersecurity Agriculture Bill
A new bipartisan bill proposed by two US Senators looks to bolster the cybersecurity of the food and agriculture sector....
Pawn Storm’s Stealthy Net-NTLMv2 Assault Revealed
Pawn Storm, an advanced persistent threat (APT) actor also known as APT28, has been targeting high-value entities globally, employing a...
RunC Flaws Enable Container Escapes, Granting Attackers Host Access
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to...
Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is...
Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target...
The SEC Won’t Let CISOs Be: Understanding New SaaS Cybersecurity Rules
The SEC isn't giving SaaS a free pass. Applicable public companies, known as "registrants," are now subject to cyber incident...
Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an...
Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited...
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw...
Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited...
Vastaamo Hacker Traced Via Untraceable Monero Transactions Police Says
Julius Aleksanteri Kivimäki, the suspect believed to be behind an attack against one of Finland's largest psychotherapy clinics, Vastaamo, was...
A Mishandled Github Token Exposed Mercedes Benz Source Code
A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. Mercedes-Benz...
Citibank Sued Over Failure To Defend Customers Against Hacks Fraud
New York Attorney General Letitia James sued Citibank over its alleged failure to defend customers against hacks and scams and...
Police Disrupt Grandoreiro Banking Malware Operation Make Arrests
The Federal Police of Brazil and cybersecurity researchers have disrupted the Grandoreiro banking malware operation, which has been targeting Spanish-speaking...
New Linux Glibc Flaw Lets Attackers Get Root On Major Distros
Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local...
How Smbs Can Lower Their Risk Of Cyberattacks And Data Breaches
The Akira ransomware group is targeting small to medium-sized businesses (SMBs) - 80% of its victims, since March 2023, have been SMBs....
Us Charges Two More Suspects With Draftking Account Hacks
The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in...
Microsoft Teams Phishing Pushes Darkgate Malware Via Group Chats
New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims'...
Online Ransomware Decryptor Helps Recover Partially Encrypted Files
CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption. The company announced...
Jenkins Multiple Vulnerabilities
Multiple vulnerabilities were identified in Jenkins. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution,...
UK House of Lords Calls For Legislation on Facial Recognition Tech
The UK parliament’s upper chamber has said it is “deeply concerned” about unaccountable police use of live facial recognition (LFR)...
Ransomware Incidents Hit Record High, But Law Enforcement Takedowns Slow Growth
Ransomware incidents surged by 68% in 2023 to reach a record high, according to new data from Corvus Insurance. However,...
FBI: Scammers Are Sending Couriers to Collect Cash From Victims
The FBI has claimed $55m were lost from May to December 2023 to scammers posing as representatives of the government,...
