The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) titled "Advancing Zero Trust Maturity throughout the User Pillar" to help system operators in maturing their Identity, Credential, and Access Management (ICAM)…

Security researchers at Proofpoint have uncovered several new phishing campaigns using the collapse of Silicon Valley Bank (SVB) as a lure to steal cryptocurrency.  The researchers stated that they spotted lures related to USD Coin (USDC), a digital…

According to research conducted by Cybernews, the top aviation company Safran Group left itself vulnerable to cyberattacks for over a year, thus highlighting the vulnerability of major aviation companies to being targeted by threat actors. The Cybernews…

The first known cryptojacking operation mining the Dero cryptocurrency has been observed targeting vulnerable Kubernetes container orchestrator infrastructure with exposed Application Programming Interfaces (APIs). Dero is a privacy coin advertised as a…

ESET researchers have discovered that a Data Loss Prevention (DLP) company in East Asia has been compromised. During the intrusion, the attackers launched at least three malware families, compromising both the company's internal update servers and third-…

Two zero-day vulnerabilities need to be patched immediately, one in Microsoft Outlook's authentication mechanism and another discovered to be a Mark-of-the-Web (MOTW) bypass. Automox researchers advised enterprises to patch these vulnerabilities within…

GoBruteforcer, a new Golang-based malware, has been discovered targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres in an attempt to recruit them into a botnet. During the attack, GoBruteforcer used a Classless Inter-Domain Routing (CIDR)…

The LockBit ransomware group recently claimed to have stolen valuable SpaceX files after breaching the systems of piece part production company Maximum Industries.  The Texas-based Maximum Industries specializes in waterjet, laser cutting, and CNC…

A new security agency began its job of protecting the UK from state-sponsored and terrorist threats recently.  The National Protective Security Authority (NPSA) was created as part of a major new review of government defense spending known as the…

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently launched a pilot program to warn critical infrastructure organizations if their systems contain vulnerabilities that may be exploited in ransomware attacks.  The new…

In response to a cybercrime group’s claim, home security firm Ring announced that it has no evidence that it has fallen victim to a ransomware attack.  Founded in 2013 and acquired by Amazon in 2018, Ring started with a smart doorbell and later…

The Housing Authority of the City of Los Angeles (HACLA) has recently issued a public notice outlining the impact of a ransomware breach first reported at the start of this year.  The public agency, which claims to hold the largest stock of…