Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and...

Volt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has consistently targeted U.S. critical infrastructure with the intent to maintain persistent access. Tenable...

Between November 1, 2023, and October 31, 2024, spearphishing was the top initial access technique for our customers across most sectors, including retail trade.

There’s no denying that Generative Artificial Intelligence (GenAI) has been one of the most significant technological developments in recent memory,... The post The Dark Side of Gen AI appeared...

From Magecart to Mobile Menaces

Threat actors have developed an attack leveraging misconfigured JupyterLab and Jupyter Notebook servers to conduct illegal live streaming of sports events. By exploiting unauthenticated access to...

Researchers discovered a new campaign by Earth Kasha, a threat group targeting Japan, Taiwan, and India since 2019, with connections to the broader APT10 umbrella. This recent campaign, beginning...

Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and...

If you're concerned about your privacy, you should regularly clear your Google search cache on Android. Here's how to do this manually and set up auto-delete.

According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number...

What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week...

Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first...

Palo Alto Networks confirmed two zero-day vulnerabilities were exploited as part of attacks in the wild against PAN-OS devices, with one being attributed to Operation Lunar Peek.Update November...

Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure...

Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure...

We tested the best password managers for Mac right now, to help you keep your laptop logins secure. These are our favorites.

AWS has released an important new feature that allows you to apply permission boundaries around resources at scale called Resource Control Policies (RCPs). Read on to learn what RCPs are all about...

Tired of dodging all those 'Scam Likely' calls? Here's what’s behind the label and how to stay one step ahead of phone scammers.

Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands...

Plus: An “AI granny” is wasting scammers’ time, a lawsuit goes after spyware-maker NSO Group’s executives, and North Korea–linked hackers take a crack at macOS malware.

[Update: At the time of publication, this vulnerability had not been addressed by Fortinet. On December 18, 2024, Fortinet published a public acknowledgement of the issue, affected versions, as...

Today’s business growth is often driven by digital experiences. Companies need to invest in their IT infrastructure and team to account for the increased standards of digital experiences and...

Check out the CVEs attackers targeted the most last year, along with mitigation tips. Plus, a new guide says AI system audits must go beyond check-box compliance. Meanwhile, a report foresees...

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home...

A zero-day vulnerability in Fortinet's Windows VPN client, FortiClient, was discovered by Volexity, allowing user credentials to remain in process memory after authentication. This vulnerability...

How to overcome challenges and security gaps when using K8s audit logs for forensics and attack detection.

Path Traversal vulnerability (CVE-2024-11136) has been found in TCL Camera software.

ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report

Reflected XSS vulnerability (CVE-2024-7124) has been found in Poznan Supercomputing and Networking Center's DInGO dLibra software.

ASEC Blog publishes “Android Malware & Security Issue 2st Week of November, 2024” 게시물 Android Malware & Security Issue 2st Week of November, 2024이 ASEC에 처음 등장했습니다.