Identity services provider Okta recently disclosed a security incident involving its support case management system where unidentified threat actors used stolen credentials to gain access, allowing them to view confidential files uploaded by specific Okta customers as part of their support cases.
Recent developments signal a significant stride in the fight against cybercrime. Europol, Europe’s primary law enforcement agency, has announced the arrest of a suspected developer of the notorious Ragnar Locker ransomware.
The article discusses the necessity of redefining cybersecurity infrastructure to successfully incorporate IoT into various industries.
An extensive investigation into a series of cyberattacks by the Russian hacking group ‘Sandworm’ against telecommunication service providers in Ukraine. The group’s malicious activities include disruption of services, cyberespionage, and potential data breaches.
A vulnerability (CVE-2023-43261) found in pre-version 35.3.0.7 Milesight routers allows unauthorized access. Moreover, concerns loom over 5% of a total of 5,500 internet-exposed Milesight routers. Additionally, Titan MFT and Titan SFTP servers exhibit potential security loopholes.
Permeating the cybersecurity sphere are continually escalating threats. Often, the main targets are governments. OilRig, linked to Iran, is one actor worth noting.
The article delves into the cybersecurity issue emanating from Synology’s DiskStation Manager’s (DSM) weak random number generator used for creating passwords, explaining how it could potentially allow hackers to decode account administrator’s passwords and seize accounts remotely.
The Lazarus Group, a North Korean hacker collective, utilizes a variety of deceptive strategies, including advanced malware like LightlessCan, to carry out major cyber attacks. The Group has reportedly stolen about $3.5 billion from cryptocurrencies since 2016.
A brief discussion on the importance and techniques of protecting financial data in the context of cybersecurity. A Locking Down Financial and Accounting Data webinar is recommended.
Twin security breaches, identified as CVE-2023-37265 and CVE-2023-37266, garnered a CVSS score of 9.8, which exploit cloud security vulnerabilities for arbitrary code execution and hostile takeover. Sonar security researcher, Thomas Chauchefoin, identified these that bypass authentication parameters, giving access to the CasaOS dashboard.
This article discusses the increasing cybersecurity concerns around Discord platform. It unveils how nation-state hacking groups are exploiting Discord’s functionalities for malicious activities focussed on critical infrastructure.
Over 17,000 WordPress sites fell victim to ruthless cyber threats in September 2023. The Silent Threat: Rising Cyberattacks Signal a Wake-Up Call for Security.
Changes are imminent in the digital world as DarkGate, a prominent malware, stealthily creeps into the spotlight. The malware operates meticulously and is rapidly spreading through instant messaging platforms.
A comprehensive review of the transformation from traditional passwords to a more secure and efficient technology – passkeys, embraced by tech giants like Google, Apple, and Microsoft.
Child sexual abuse content (CSAM) and online threats to children are alarmingly prevalent today. Tools like Safer are crucial to address this issue, ensuring a safer online space for our children.
As cyber threats grow increasingly sophisticated, the need for robust cybersecurity measures escalates. One of the essential strategies companies employ revolves around upgrading their systems. A prime example is Microsoft’s Windows 10 Pro…
The Lazarus Group, linked to North Korea, has enhanced cybercrime statistics with a $900 million cryptocurrency heist, using cross-chain crime for rapid conversion of crypto assets and facilitating money laundering.
The article explores the pros and cons of wired and wireless security systems, and emphasizes the importance of a secure IT infrastructure.
API security has swiftly emerged as the unseen frontier of cybersecurity. A recent study reveals the extent of API-related data breaches on organizations worldwide. This post discusses the report findings and implications for businesses.
This post discusses the evolution of browser security, the limitations of Browser Isolation, and how Secure Browser Extensions are tackling modern web threats. It also covers the emergence of enterprises like Palo Alto Networks in this field, and the efforts of startups such as Authentic8 and Seraphic Security to enhance browser security.
A new malware strain menacingly titled ZenRAT is on the loose, primarily attacking unsuspecting Windows users, according to enterprise security firm Proofpoint. The malware masquerades as the well-known Bitwarden password manager and is capable of redirecting traffic to ill-intended websites.
The virtual world is witnessing escalating threats from cyber criminals. Stealthy and sophisticated malwares like XWorm, Chae$4, and a new variant of the notorious BBTok banking trojan add new layers to the cybersecurity conversation.
In a significant win for cybersecurity, Finnish authorities have managed to dismantle the notorious PIILOPUOTI Dark Web drug marketplace. This case is yet another instance of how cybersecurity forces are persistently advancing to match the pace of the digital underworld.
Scientists from renowned academic institutions have disclosed a groundbreaking vulnerability in contemporary graphics processing units (GPUs). This recently discovered GPU side-channel attack, named GPU.zip, poses a serious risk to all major modern GPUs, revealing them to be vulnerable to alarming information leakage.
AtlasCross, a new cyber threat, leverages the reputation of respected humanitarian organizations for its exploits. The Red Cross has shockingly been used as a phishing lure to distribute previously unidentified malware dubbed DangerAds and AtlasAgent.
An unidentified individual released a fake proof-of-concept (PoC) exploit for a WinRAR vulnerability on GitHub to distribute Venom RAT malware. This underlines the escalating risks associated with unscreened PoCs and the unchecked proliferation of vulnerabilities.
A report of critical vulnerabilities in TeamCity CI/CD server, Atos Unify OpenScape products, encrypted email solutions and Cisco’s BroadWorks, as well as emerging threats in cyberspace.
An affiliate named “ShadowSyndicate” has been linked to multiple ransomware attacks on a global scale. The Group-IB discovered a single Secure Shell (SSH) fingerprint present on 85 server linking back to ShadowSyndicate.
In today’s environment of rampant cybercrime, organizations are obligated to fortify their cybersecurity defenses and report breaches to authorities and affected parties. New data laws involve data breach reporting, cybersecurity, and privacy laws.
Fastly’s Next-Gen WAF reveals that the High Tech industry is the most targeted sector in cybersecurity, accounting for 46% of NLX-tagged attack traffic. The report provides insights and strategic countermeasures to tackle evolving cyber threats.
The digital sphere, while offering an unprecedented level of global connection, is a breeding ground for security incidents. This article unravels recent global cyber attacks including those by Russian GRU and more.
China’s Ministry of State Security (MSS) has accused the United States of a decade-long cyber espionage campaign against telecom giant, Huawei. Amid escalating geopolitical tensions, claims suggest that the U.S., using malicious software, has infiltrated servers, stolen valuable data and launched network attacks within China.
A significant surge in the activity of the P2PInfect botnet worm has rung alarm bells in the cybersecurity world, with its activity reaching new heights. Notorious for its peer-to-peer malware activities, P2PInfect has been introducing newer, stronger versions to bypass security measures.