TechHub
The authors of a dangerous malware test targeting millions of routers and Internet of Things (IoT) devices have uploaded their source code to GitHub, meaning other criminals can now quickly invent new variants of the tool or use it as it is in their own attack campaigns. Researchers at AT&T Alien Labs first discovered the … Read more
The U.S. Office of Management and Budget (OMB) today released details of a government-wide strategy for adopting principles of zero-trust architecture across federal agency networks. Agencies are required to adopt specific standards and security practices before the financial year 2024, which include the security of user identities, devices, networks, applications and data. These include multifactor … Read more
A local privilege escalation of (LPE) vulnerability in the software used to handle authorizations – and installed by default – on most major distributions of Linux is trivial to exploit where a researcher has already recreated the attack just from a detailed description of the error. The vulnerability affects polkit, formerly known as PolicyKit, which … Read more
After a wave of high-profile attacks, including the current disruptor Log4j and many years of measurements trending in the wrong direction, the cybersecurity industry must come to terms with the fact that something is fundamentally ruined. The statistics do not paint a pretty picture. At the end of the third quarter, the number of data … Read more
The European Union’s law enforcement agency, Europol, worked with investigators in 10 nations, including the United States and Canada, to remove a virtual private networking service (VPN) allegedly used by cybercriminals to hide the origin of their intrusion attempts, the group said. . on January 20th. Law enforcement agencies from a group of 10 nations … Read more
It’s time to prepare for tomorrow’s event reaction. It’s not like yesterday’s, and companies that do not embrace the difference can get into serious trouble when disaster strikes. The event response landscape has changed drastically in the last year. This is due in part to the shift in work patterns as people migrated to hybrid … Read more
Email is the lifeblood of most organizations, so it’s no surprise that email attacks are consistently among the biggest concerns that CISOs face. Up to 94% of phishing attacks are delivered via email, with attackers still preferring this important business tool as their preferred method of accessing victims’ networks. According to the FBI’s 2020 Internet … Read more
Revelstoke Security emerged from stealth today with a security orchestration, automation and response (SOAR) platform that automates analytics, optimizes workflows, and helps analysts find the root of events quickly and efficiently. SOAR refers to a class of technologies that automate security workflows and manual tasks using playbooks. Security operations centers (SOCs) typically rely on SOARs … Read more
Hong Kong pro-democracy radio station website compromised to serve a Safari exploit that installed cyberespionage malware on site visitors’ Macs On November 11th, Google TAG published a blogpost about watering-hole attacks leading to exploits for the Safari web browser running on macOS. ESET researchers had been investigating this campaign the week before that publication, uncovering … Read more
In what is believed to be the first known use of the tactic, an advanced persistent threat actor exploits Microsoft OneDrive services for command and control (C2) purposes in a sophisticated cyber espionage campaign targeting senior officials in the government and defense industry of a West Asian nation . Researchers from Trellix, who have been … Read more