The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in...
The North Korean office responsible for the scheme, Department 53, was created to funnel money back into the country’s weapons programs. The post Treasury sanctions North Korea over remote IT...
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee...
At least one key Republican told CyberScoop that he wasn’t happy about the last-minute nature of the EO. The post Biden cyber executive order gets mostly plaudits, but its fate is uncertain...
The U.S. Treasury Department said there are “thousands” of North Korean IT workers hired across the globe as part of the campaign and they use a variety of technology to hide their identities and...
Bill discusses how to find 'the helpers' and the importance of knowledge sharing. Plus, there's a lot to talk about in our latest vulnerability roundup.
The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up...
Middle East real estate scams are surging as fraudsters exploit online listings and bypassed due diligence checks
Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European users'...
Enzo Biochem said it settled a class action lawsuit related to a ransomware attack for $7.5 million and also is making upgrades to its data protection systems.
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app...
Star Blizzard, known to be part of Russia’s FSB, moved schemes to the messaging platform last November. The post Microsoft catches Russian state-sponsored hackers shifting tactics to WhatsApp...
Truth Social, launched by the Trump Media & Technology Group in 2022, has become a hotspot for scams like phishing and investment fraud
Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability,...
Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple...
A long-time partnership results in a useful roadmap for implementing Zero Trust
Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers...
The US President’s second cybersecurity Executive Order will impose stricter security standards on software providers
The best password managers provide security, privacy, and ease of use for a reasonable price. We tested the best ones to help you find what's best for your family.
ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems
A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. [...]
Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings. [...]
ASEC Blog publishes “Android Malware & Security Issue 3st Week of January, 2025”
Here we go again, discussing Active Directory, hacking, and detection engineering. tl;dr: One AD account can provide you with three detections that if implemented properly will catch common...
Compliance with the Digital Operational Resilience Act (DORA) has cost many businesses over €1 million, according to research from Rubrik
An employee at a telecommunications company connected as usual to their cloud account. They then appeared to travel a distance of 361 km, roughly 225 miles, at nearly twice the speed of sound...
Posted by Erik Varga, Vulnerability Management, and Rex Pan, Open Source Security Team. In December 2022, we announced OSV-Scanner, a tool to enable developers to easily scan for vulnerabilities in...
The Russia-linked ransomware group is threatening to leak data stolen from almost 60 Cleo Software customers if ransoms aren't paid
Learn about the all-new third-party log sources and multilingual question support features just released for SentinelOne's Purple AI.
The initiative had led to tangible changes, Jack Cable said upon his exit from the agency as senior technical adviser. The post A CISA secure-by-design guru makes the case for the future of the...