Attack Surface Management 2022 Midyear Review Part 3
In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the...
News
Improve Post-Quantum Cryptography Security with CSPM
Gain valuable insight into the emerging world of post-quantum computing. Understand the threats attackers with access to quantum computers pose....
Cybersecurity Posture & Insurance Outlook with Advisen
Trend Micro’s Eric Skinner, and Advisen, an insurance data and analytics company, discuss the current threat landscape, cyber risk management,...
Latest on OpenSSL 3.0.7 Critical Bug & Security-Fix
Potential disruptions following vulnerabilities found in OpenSSL. If you like the site, please consider joining the telegram channel or supporting...
RomCom RAT campaigns abuses popular brands like KeePass and SolarWinds NPM
A new campaign spreading RomCom RAT impersonates popular software brands like KeePass, and SolarWinds. The threat actor behind the RomCom...
The 10th edition of the ENISA Threat Landscape (ETL) report is out!
I’m proud to announce the release of the 10th edition of the ENISA Threat Landscape (ETL) on the state of...
Cisco addressed several high-severity flaws in its products
Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple...
LockBit ransomware gang claims the hack of Continental automotive group
The LockBit ransomware group claimed to have hacked the multinational automotive group Continental and threatens to leak stolen data. LockBit...
250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack
Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US....
Experts link the Black Basta ransomware operation to FIN7 cybercrime gang
Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers...
Updated TikTok Privacy Policy confirms that Chinese staff can access European users’ data
TikTok updated its privacy policy for European Economic Area (“EEA”) and confirmed that its Chinese staff can access their users’ data....
Fortinet fixed 16 vulnerabilities, 6 rated as high severity
Fortinet addressed 16 vulnerabilities in some of the company’s products, six flaws received a ‘high’ severity rate. One of the...
Server-side attacks, C&C in public clouds and other MDR cases we observed
Introduction This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the...
Vitali Kremez passed away
I’m deeply saddened by the absurd death of Vitali Kremez, he died during a scuba diving off the coast of...
4 Malicious apps on Play Store totaled +1M downloads
Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. Malwarebytes researchers...
SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority
Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religion minority. In Q3 2022,...
Dropbox discloses unauthorized access to 130 GitHub source code repositories
Dropbox disclosed a security breach, threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File...
OpenSSL fixed two high-severity vulnerabilities
The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote...
APT trends report Q3 2022
For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of...
LockBit 3.0 gang claims to have stolen data from Thales
The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is...
Experts warn of critical RCE in ConnectWise Server Backup Solution
ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the...
Ransomware activity and network access sales in Q3 2022
Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M....
Samsung Galaxy Store flaw could have allowed installing malicious apps on target devices
A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected...
APT10: Tracking down LODEINFO 2022, part II
In the previous publication ‘Tracking down LODEINFO 2022, part I‘, we mentioned that the initial infection methods vary in different...
