Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an...
News
What’s Wrong with Manufacturing?
In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in...
CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its...
Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss...
The Different Methods and Stages of Penetration Testing
The stakes could not be higher for cyber defenders. With the vast amounts of sensitive information, intellectual property, and financial...
New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining
Cybersecurity researchers have discovered the first-ever illicit cryptocurrency mining campaign used to mint Dero since the start of February 2023....
YoroTrooper Stealing Credentials and Information from Government and Energy Organizations
A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of...
Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising
A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue...
Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects
A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed...
How to Apply NIST Principles to SaaS in 2023
The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute's cybersecurity...
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware
Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon,...
Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack
Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two...
Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities
Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet...
The Prolificacy of LockBit Ransomware
Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat...
Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily
An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability...
GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral...
New ‘supply chain mapping’ guidance
New ‘supply chain mapping’ guidance Supply chain mapping is the process of recording, storing and using information gathered from suppliers...
Zero trust migration: How will I know if I can remove my VPN?
Zero trust migration: How will I know if I can remove my VPN? As your organisation makes the transition to...
Medusa ransomware gang picks up steam as it targets companies worldwide
A ransomware operation known as Medusa has begun to pick up steam in 2023, targeting corporate victims worldwide with million-dollar...
CASPER attack steals data using air-gapped computer’s internal speaker
Researchers at the School of Cyber Security at Korea University, Seoul, have presented a new covert channel attack named CASPER...
Staples-owned Essendant facing multi-day “outage,” orders frozen
Essendant, a wholesale distributor of stationary and office supplies, is experiencing a multi-day systems "outage" preventing customers and suppliers from...
IceFire ransomware now encrypts both Linux and Windows systems
Threat actors linked to the IceFire ransomware operation now actively target Linux systems worldwide with a new dedicated encryptor. SentinelLabs...
AT&T alerts 9 million customers of data breach after vendor hack
AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked...
GitHub makes 2FA mandatory next week for active developers
GitHub will start requiring active developers to enable two-factor authentication (2FA) on their accounts beginning next week, on March 13....
