CISA Unveils Healthcare Cybersecurity Guide
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a Mitigation Guide specifically tailored for the Healthcare and Public...
News
US-CERT Vulnerability Summary for the Week of November 6, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info1e -- platformThe 1E-Exchange-URLResponseTime instruction that is part of the Network product...
Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking
Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it...
LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle...
NetSupport RAT Infections on the Rise – Targeting Government and Business Sectors
Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. "The...
Product Walkthrough: Silverfort’s Unified Identity Protection Platform
In this article, we will provide a brief overview of Silverfort's platform, the first (and currently only) unified identity protection...
Why Defenders Should Embrace a Hacker Mindset
Today's security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud...
DarkGate and PikaBot Malware Resurrect QakBot’s Tactics in New Phishing Attacks
Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging...
Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years
An Indian hack-for-hire group targeted the U.S., China, Myanmar, Pakistan, Kuwait, and other countries as part of a wide-ranging espionage,...
Researchers extract RSA keys from SSH server signing errors
A team of academic researchers from universities in California and Massachusetts demonstrated that it’s possible under certain conditions for passive network...
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in...
US-CERT Vulnerability Summary for the Week of November 6, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info1e -- platformThe 1E-Exchange-URLResponseTime instruction that is part of the Network product...
Exploit for CrushFTP RCE chain released, patch now
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated...
FCC adopts new rules to protect consumers from SIM-swapping attacks
The Federal Communications Commission (FCC) has revealed new rules to shield consumers from criminals who hijack their phone numbers in...
US-CERT Vulnerability Summary for the Week of November 6, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info1e -- platformThe 1E-Exchange-URLResponseTime instruction that is part of the Network product...
8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated...
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called...
An RFC on IoCs – playing our part in international standards
An RFC on IoCs – playing our part in international standards In August 2023, the IETF published the document Indicators...
British Library: Ongoing outage caused by ransomware attack
The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several...
Bloomberg Crypto X account snafu leads to Discord phishing attack
Image: Bloomberg Crypto The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive...
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs
Google's Threat Analysis Group (TAG) has discovered that threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive...
Yamaha Motor confirms ransomware attack on Philippines subsidiary
Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak...
CISA warns of actively exploited Windows, Sophos, and Oracle bugs
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues...
The Week in Ransomware – November 17th 2023 – Citrix in the Crosshairs
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt...
