Guest accounts in Azure AD (AAD) provide external third parties with limited access to corporate resources. The objective is to facilitate collaboration without excessive risk of exposure. However, enterprises may inadvertently overshare access to…

Gamaredon, a threat actor with connections to Russia, was observed conducting data exfiltration operations within an hour of the initial compromise. As a vector of primary compromise, emails and messages in messengers (i.e., Telegram, WhatsApp, Signal)…

Researchers from the RWTH Aachen University in Germany have published a study revealing tens of thousands of container images hosted on Docker Hub containing confidential secrets, exposing software, online platforms, and users to attacks. Docker Hub is a…

Attackers are exploiting a critical cross site scripting (XSS) vulnerability tracked as CVE-2023-34192 in the open source email collaboration suite Zimbra. The vulnerability could enable an authenticated remote threat actor to execute arbitrary code via…

Brett Callow, a threat analyst at Emsisoft, has been monitoring the MOVEit attack carried out by a notorious cybercrime gang, and he is currently aware of 347 impacted organizations, including 58 educational institutions in the United States.  …

A team of researchers led by Dr. Stephen McCombie, Professor of Maritime Information Technology (IT) Security at NHL Stenden University of Applied Sciences, have created the Maritime Cyber Attack Database (MCAD), which consists of incidents involving the…

The City College of New York is participating in a $12 million Google initiative aimed at boosting the cybersecurity ecosystem and positioning New York City as the global leader in cybersecurity. Other institutions involved in the Google Cyber NYC…

The University of Texas at San Antonio-based Cybersecurity Manufacturing Innovation Institute (CyManII) welcomes three new members to support its mission to secure and sustain US manufacturing. Each member will contribute to the institute's efforts to…

Cybersecurity remains a global concern, with a lack of skilled professionals worsening the problem. Therefore, Carnegie Mellon's picoCTF-Africa, a computer security competition for high school, undergraduate, and graduate students on the African…

US President Joe Biden's administration has released the first version of the National Cybersecurity Strategy Implementation Plan, which was first announced in March 2023. The plan aims to strengthen public and private cybersecurity resilience, bolster…

According to security researchers at Comparitech, global financial services organizations have lost over $32bn in downtime since 2018 due to ransomware breaches.  The researchers analyzed 225 confirmed attacks on the sector over the past five years…

Dr. Kamaljeet Sandhu of the University of New England (UNE) has been awarded a major international research grant in support of him leading a groundbreaking project to prevent and detect cybersecurity threats. He is one of 12 Australian researchers from…