News
-
"Bug Exploitation Now Top Ransomware Access Vector"Security researchers at Secureworks found that vulnerability exploitation accounted for 52% of ransomware incidents over the past 12 months, making it the number one initial access vector for threat actors. The researchers stated that exploitation…
-
"Collective Defense — Integrated Cyber Expertise Hardens Cybersecurity"Every October, the National Cybersecurity Alliance (NCSA) and the Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) join industry and government to raise awareness about cybersecurity and best practices for all…
-
"Researchers Outline the Lazarus APT Offensive Toolset"Researchers at ESET discovered and examined a set of malicious tools used by the Lazarus Advanced Persistent Threat (APT) group in attacks at the end of 2021. The campaign began with spear phishing emails containing malicious Amazon-themed documents,…
-
"Bumblebee Malware Loader's Payloads Significantly Vary by Victim System"Bumblebee is a dangerous malware loader that first appeared in March. A new analysis of the malware loader reveals that its payload for systems connected to an enterprise network differs significantly from its payload for standalone systems. The malware…
-
"Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub"Scammers are posing as security researchers and selling fake proof-of-concept (POC) ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities. The cybersecurity firm GTSC disclosed that two new zero-day vulnerabilities in…
-
"CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities"The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) requiring federal agencies across the country to keep track of assets and vulnerabilities on their networks…
-
"Telstra Suffers 'Sizeable' Data Breach, Mandates Two-Step Security Upgrade"Telstra, Australia's largest telecoms operator, has experienced a data breach and has informed customers that they must enable two-factor authentication (2FA). The announcement of enhanced security measures comes just two weeks after a similar attack on…
-
"Senators' Plan to Secure Open Source Software Involves Agencies Using More of It"According to legislation reported by the Senate Homeland Security and Governmental Affairs Committee, top cybersecurity officials should guide agencies toward using and contributing to open-source code libraries. The Securing Open Source Software Act of…
-
"The H2020 CARAMEL Project Ends by Opening Promising New Research Avenues in the Field of Innovative Anti-hacking Solutions for the Future of Connected and Automated Vehicles"The EU Horizon 2020 program-funded project called CARAMEL concluded, opening promising new research areas in the realm of innovative anti-hacking solutions for the future of Connected and Automated Vehicles (CAVs). The CARAMEL project partners have…
-
"New IBM Study Finds Cybersecurity Incident Responders Have Strong Sense of Service as Threats Cross Over to Physical World"IBM Security has released the results of a global survey on the critical role of cybersecurity incident responders at a time when the physical and digital worlds are converging more. The study discovered that incident responders surveyed are motivated…
-
"Why Human Nature Often Trumps Security"Globally, CEOs are most concerned about cybersecurity risk, with increased risks and awareness driving more investment in network defenses and security features. However, there is one threat that executives cannot avoid, which is humans. According to…
-
"Ex-NSA Employee Charged For Trying to Sell US Secrets"Recently a former US National Security Agency (NSA) employee was arrested after trying to sell classified information to an undercover Federal Bureau of Investigation (FBI) agent posing as a foreign spy working for a foreign government. Jareh…