Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack
Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two...
News
Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities
Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet...
The Prolificacy of LockBit Ransomware
Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat...
Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily
An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability...
GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral...
New ‘supply chain mapping’ guidance
New ‘supply chain mapping’ guidance Supply chain mapping is the process of recording, storing and using information gathered from suppliers...
Zero trust migration: How will I know if I can remove my VPN?
Zero trust migration: How will I know if I can remove my VPN? As your organisation makes the transition to...
CASPER attack steals data using air-gapped computer’s internal speaker
Researchers at the School of Cyber Security at Korea University, Seoul, have presented a new covert channel attack named CASPER...
Staples-owned Essendant facing multi-day “outage,” orders frozen
Essendant, a wholesale distributor of stationary and office supplies, is experiencing a multi-day systems "outage" preventing customers and suppliers from...
Medusa ransomware gang picks up steam as it targets companies worldwide
A ransomware operation known as Medusa has begun to pick up steam in 2023, targeting corporate victims worldwide with million-dollar...
AT&T alerts 9 million customers of data breach after vendor hack
AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked...
GitHub makes 2FA mandatory next week for active developers
GitHub will start requiring active developers to enable two-factor authentication (2FA) on their accounts beginning next week, on March 13....
Protecting collocated servers from DDoS attacks using GRE tunnels
For any company that relies heavily on online sales and transactions, the increasing number of cyberattacks targeting e-commerce websites is...
IceFire ransomware now encrypts both Linux and Windows systems
Threat actors linked to the IceFire ransomware operation now actively target Linux systems worldwide with a new dedicated encryptor. SentinelLabs...
FBI warns of cryptocurrency theft via “play-to-earn” games
Cybercriminals are now using fake rewards in so-called "play-to-earn" mobile and online games to steal millions worth of cryptocurrency, according...
Akamai mitigates record-breaking 900Gbps DDoS attack in Asia
Akamai reports having mitigated the largest DDoS (distributed denial of service) attack ever launched against a customer based in the...
SonicWall devices infected by malware that survives firmware upgrades
A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that...
Police seize Netwire RAT malware infrastructure, arrest admin
An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator...
Microsoft: Business email compromise attacks can take just hours
Microsoft’s Security Intelligence team recently investigated a business email compromise (BEC) attack and found that attackers move rapidly, with some...
Xenomorph Android malware now steals data from 400 banks
The Xenomorph Android malware has released a new version that adds significant capabilities to conduct malicious attacks, including a new...
CISA warns of critical VMware RCE flaw exploited in attacks
CISA has added a critical severity vulnerability in VMware's Cloud Foundation to its catalog of security flaws exploited in the...
Mental health provider Cerebral alerts 3.1M people of data breach
Healthcare platform Cerebral is sending data breach notices to 3.18 million people who have interacted with its websites, applications, and...
Security researchers targeted with new malware via job offers on LinkedIn
A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job...
Blackbaud to pay $3M for misleading ransomware attack disclosure
Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission...
