CyberArk reports that only 9 percent of organizations use an agile, holistic, and mature strategy to securing identities across their hybrid and multi-cloud environments. The data-driven model identifies 9 percent of organizations as having the most…

As the market for cybersecurity insurance evolves, Lloyd's of London plans to exclude the majority of nation-state attacks from its coverage policies. In response to these changes, companies are reevaluating their cyber insurance plans. While Lloyd's…

Since February 2023, a Russian hacker group tracked as TA473, also known as Winter Vivern, has exploited vulnerabilities in unpatched Zimbra endpoints to steal the emails of NATO officials, governments, military personnel, and diplomats. Sentinel Labs…

RedGolf, a Chinese state-sponsored threat group, has been linked to the use of KEYPLUG, a custom Windows and Linux backdoor. According to Recorded Future, RedGolf is a prolific Chinese state-sponsored threat actor group that has likely been targeting…

​Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.

Security researchers at SlashNext have discovered that roughly four out of five employees (71%) store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work.  The researchers also found that 95% of…

According to cybersecurity researchers at Wiz, a misconfiguration in Azure Active Directory (AAD) that exposed applications to unauthorized access could have led to a Bing[.]com takeover.  Microsoft's AAD, a cloud-based identity and access…

National accounts receivable management company and debt buyer NCB Management Services has recently started informing roughly 500,000 individuals that their personal information was compromised in a data breach.  The company stated that an…

Security experts at OpenText have warned that websites displaying a padlock in the browser should be treated with caution after revealing a sharp increase in phishing sites using HTTPS.  During the study, researchers analyzed data collected from 95…

The SafeMoon token liquidity pool lost $8.9 million following a hacker's exploitation of a new 'burn' smart contract function that artificially raised the price, allowing the actor to sell SafeMoon at a significantly higher price. Liquidity pools in…

AlienFox, a new toolset enabling threat actors to harvest credentials from Application Programming Interface (API) keys and secrets from popular cloud service providers, is being distributed on Telegram. Alex Delamotte, a security researcher at…

Several cybersecurity companies have warned that the official Windows desktop app for the widely used 3CX softphone solution has been trojanized by malicious actors suspected to be state-sponsored. 3CX is Private Automatic Branch Exchange (PABX) software…