Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge...
News
The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2024
By the end of 2024, the number of MSPs and MSSPs offering vCISO services is expected to grow by almost...
Outlook Breach: Microsoft Reveals How a Crash Dump Led to a Major Security Breach
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge...
Alert: Apache SuperSet Vulnerabilities Expose Servers to Remote Code Execution Attacks
Patches have been released to address two new security vulnerabilities in Apache SuperSet that could be exploited by an attacker...
Mirai Botnet Variant ‘Pandora’ Hijacks Android TVs for Cyberattacks
A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them...
W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA
A threat actor known as W3LL developed a phishing kit that can bypass multi-factor authentication along with other tools that...
Toyota says filled disk storage halted Japan-based factories
Image: Midjourney Toyota says a recent disruption of operations in Japan-based production plants was caused by its database servers running...
Flipper Zero can be used to launch iOS Bluetooth spam attacks
The Flipper Zero portable wireless pen-testing and hacking tool can be used to aggressively spam Bluetooth connection messages at Apple...
Mirai variant infects low-cost Android TV boxes for DDoS attacks
Image: Midjourney A new Mirai malware botnet variant has been spotted infecting inexpensive Android TV set-top boxes used by millions...
September Android updates fix zero-day exploited in attacks
The September 2023 Android security updates tackle 33 vulnerabilities, including a zero-day bug currently targeted in the wild. This high-severity...
How SMEs can use Wazuh to improve cybersecurity
Cybersecurity has become a crucial concern for businesses of all sizes and sectors in today's digital era. Cyber attacks are...
University of Michigan requires password resets after cyberattack
On Tuesday, the University of Michigan (UMICH) warned staff and students that they must reset their account passwords after a...
US-CERT Vulnerability Summary for the Week of August 28, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoearcms -- ear_appAn issue found in Earcms Ear App v.20181124 allows a...
Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw
Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that...
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant
The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment...
Mac users targeted in new malvertising campaign delivering Atomic Stealer
Summary Malicious ads for Google searches are targeting Mac users Phishing sites trick victims into downloading what they believe is the...
Way Too Vulnerable: Join this Webinar to Understand and Strengthen Identity Attack Surface
In today's digital age, it's not just about being online but how securely your organization operates online. Regardless of size...
New Python Variant of Chaes Malware Targets Banking and Logistics Industries
Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. "It has undergone...
Three CISOs Share How to Run an Effective SOC
The role of the CISO keeps taking center stage as a business enabler: CISOs need to navigate the complex landscape...
New BLISTER Malware Update Fuelling Stealthy Network Infiltration
An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to...
W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts
A previously undocumented "phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over...
9 Alarming Vulnerabilities Uncovered in SEL’s Power Management Products
Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). "The most severe...
Ukraine’s CERT Thwarts APT28’s Cyberattack on Critical Energy Infrastructure
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical...
Continuous Security: PTaaS Bridges the Gap within Application Security
Pen testing, also known as "ethical hacking," involves a team of cybersecurity professionals tasked to test the resilience of an organization's...
