Navigating Legacy Infrastructure: A CISO’s Actionable Strategy for Success
Every company has some level of tech debt. Unless you're a brand new start-up, you most likely have a patchwork...
News
Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw
Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit,...
Tornado Cash Founders Charged in Billion-Dollar Crypto Laundering Scandal
The U.S. Justice Department (DoJ) on Wednesday unsealed an indictment against two founders of the now-sanctioned Tornado Cash cryptocurrency mixer...
Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware
The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho...
The Hidden Dangers of Public Wi-Fi
Public Wi-Fi, which has long since become the norm, poses threats to not only individual users but also businesses. With...
New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia
A new financially motivated operation is leveraging a malicious Telegram bot to help threat actors scam their victims. Dubbed Telekopye,...
WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders
A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023,...
New “Whiffy Recon” Malware Triangulates Infected Device Location via Wi-Fi Every Minute
The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows...
Last call for mWISE, the security conference for frontline practitioners.
We’re down to the final weeks of registration for mWISE, the highly targeted, community-focused cybersecurity conference from Mandiant, now part...
Hackers use public ManageEngine exploit to breach internet org
The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk...
Exploit released for Ivanti Sentry bug abused as zero-day in attacks
Proof-of-concept exploit code is now available for a critical Ivanti Sentry authentication bypass vulnerability that enables attackers to execute code...
Jupiter X Core WordPress plugin could let hackers hijack sites
Two vulnerabilities affecting some version of Jupiter X Core, a premium plugin for setting up WordPress and WooCommerce websites, allow...
FBI warns of patched Barracuda ESG appliances still being hacked
The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway (ESG) remote command injection flaw...
Ransomware hackers dwell time drops to 5 days, RDP still widely used
Ransomware threat actors are spending less time on compromised networks before security solutions sound the alarm. In the first half of...
New Whiffy Recon malware uses WiFi to triangulate your location
Cybercriminals behind the Smoke Loader botnet are using a new piece of malware called Whiffy Recon to triangulate the location...
Attack Dwell Times Fall but Threat Actors Are Moving Faster
The dwell time of cyber-attacks fell to a median of eight days in the first half of 2023, but attackers...
Sensitive Data of 10 Million at Risk After French Employment Agency Breach
The French national employment agency, Pôle emploi, has been hit by a cyber-attack potentially exposing critical information of up to...
Sextortion Scams Surge 178% in a Year
Security researchers have detected a 178% increase in sextortion emails between the first half of 2022 and the same period...
St Helens Council Warns of Phishing After Ransomware Breach
A UK local authority has warned citizens to watch out for follow-on scams after it was breached in a ransomware...
Teens Found Responsible For Lapsus$ Cyber-Attacks
An Oxford teenager has been found responsible for a series of hacking incidents impacting big-name brands, as part of the...
New Study Sheds Light on Adhubllka Ransomware Network
Cybersecurity researchers have unveiled a complex web of interconnected ransomware strains that trace their origins back to a common source:...
Data of 2.6 Million Duolingo Users Leaked on Hacking Forum
Data from 2.6 million users of Duolingo, a language learning platform with over 74 million monthly users, has been leaked...
NIST Publishes Draft Post-Quantum Cryptography Standards
Draft post-quantum cryptography (PQC) standards have been published by the US National Institute of Standards and Technology (NIST). The new...
FBI Flags $40M Crypto Cash-Out Plot By North Korean Hackers
The Federal Bureau of Investigation (FBI) has issued a stark warning to cryptocurrency firms regarding a surge in blockchain activity...
