The Current State of Business Email Compromise Attacks
Business Email Compromise (BEC) poses a growing threat to businesses of all sizes. As BEC attacks have almost doubled across...
News
NPM ecosystem at risk from “Manifest Confusion” attacks
The NPM (Node Package Manager) registry suffers from a security lapse called "manifest confusion," which undermines the trustworthiness of packages...
Exploit released for new Arcserve UDP auth bypass vulnerability
Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that can...
Brave Browser boosts privacy with new local resources restrictions
The Brave team has announced that the privacy-centric browser will soon introduce new restriction controls allowing users to specify how...
US-CERT Vulnerability Summary for the Week of June 19, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control
Drones that don't have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling...
CryptosLabs Scam Ring Targets French-Speaking Investors, Rakes in €480 Million
Cybersecurity researchers have exposed the workings of a scam ring called CryptosLabs that's estimated to have made €480 million in...
5 Things CISOs Need to Know About Securing OT Environments
For too long the cybersecurity world focused exclusively on information technology (IT), leaving operational technology (OT) to fend for itself....
8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses
A ransomware threat called 8Base that has been operating under the radar for over a year has been attributed to...
Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution
Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable...
US-CERT Vulnerability Summary for the Week of June 19, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
New Mockingjay Process Injection Technique Could Let Malware Evade Detection
A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious...
New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain
Cybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to...
EncroChat Bust Leads to 6,558 Criminals’ Arrests and €900 Million Seizure
Europol on Tuesday announced that the takedown of EncroChat in July 2020 led to 6,558 arrests worldwide and the seizure...
Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation
As the business environment becomes increasingly connected, organizations' attack surfaces continue to expand, making it challenging to map and secure...
Anatsa Banking Trojan Targeting Users in US, UK, Germany, Austria, and Switzerland
A new Android malware campaign has been observed pushing the Anatsa banking trojan to target banking customers in the U.S.,...
New Fortinet’s FortiNAC Vulnerability Exposes Networks to Code Execution Attacks
Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could...
New techniques added to the NCSC’s ‘risk management toolbox’
New techniques added to the NCSC’s ‘risk management toolbox’ It has been 5 years since we last updated our risk...
Suncor Energy cyberattack impacts Petro-Canada gas stations
Petro-Canada gas stations across Canada are impacted by technical problems preventing customers from paying with credit card or rewards points...
Man charged in US for running ‘Monopoly’ darknet drug market
A 33-year-old man from Serbia has been extradited from Austria to the United States to face charges of running a...
Anatsa Android trojan now steals banking info from users in US, UK
A new mobile malware campaign since March 2023 pushes the Android banking trojan 'Anatsa' to online banking customers in the...
Hackers steal data of 45,000 New York City students in MOVEit breach
The New York City Department of Education (NYC DOE) says hackers stole documents containing the sensitive personal information of up...
New PindOS JavaScript dropper deploys Bumblebee, IcedID malware
Security researchers discovered a new malicious tool they named PindOS that delivers the Bumblebee and IcedID malware typically associated with...
Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities
The proliferation of cybercrime on the internet has given rise to thousands of criminal communities. These corners of the internet,...
