News
-
"Zero-Day Flaw Discovered in Quarkus Java Framework"Security researchers at Contrast Security have discovered a high-severity zero-day vulnerability in the Red Hat build of Quarkus, a full-stack, Kubernetes-native Java framework optimized for Java virtual machines (JVMs) and native compilation. …
-
"Where CISOs Rely on AI and Machine Learning to Strengthen Cybersecurity"As malware-less attacks become increasingly difficult to detect and stop, CISOs face a threat landscape in which malicious actors grow more sophisticated than security and Information Technology (IT) teams can keep up. However, Artificial Intelligence (…
-
Cyber Scene #74 - Chips Ahoy on Cyber Thursday HorizonCyber Scene #74 - Chips Ahoy on Cyber Thursday Horizon
-
"Businesses Increasing Cyber Spend Without Clear Strategy, Fastly Finds"According to security researchers at Fastly, most businesses worldwide claim to be confident that their current cybersecurity budgets are fit for their needs, but at the same time, they would be willing to spend more. The researchers noted that…
-
"Most Small Biz IaaS Users Seeing Surge in Attacks"Security researchers at Sophos have found that SMBs are increasingly exposed via their cloud infrastructure, with over half experiencing an increase in the volume (56%) and complexity (59%) of attacks over the past year. The researchers surveyed…
-
"China-Linked UNC4191 APT Relies on USB Devices in Attacks Against Entities in the Philippines"Researchers at Mandiant discovered an alleged China-linked cyberespionage group, UNC4191, using Universal Serial Bus (USB) devices as attack vectors in campaigns targeting entities in the Philippines. This campaign has been active since September 2021…
-
"33% Of Attacks in the Cloud Leverage Credential Access"The Elastic Global Threat Report 2022 details the evolving nature of cybersecurity threats as well as the increased sophistication of cloud and endpoint-related attacks. Thirty-three percent of cloud attacks use credential access, suggesting that users…
-
"The Metaverse Could Become a Top Avenue for Cyberattacks in 2023"Both maturing and emerging consumer-facing cyber threats could add to the numerous challenges that enterprise security teams will face in 2023. In their analysis of how the cyber threat landscape is likely to change over the coming year, researchers…
-
"Crafty Threat Actor Uses 'Aged' Domains to Evade Security Platforms"'CashRewindo,' a sophisticated threat actor, has been using 'aged' domains in global malvertising campaigns that lead to investment scam sites. Malvertising is the injection of malicious JavaScript code into legitimate advertising networks' digital ads,…
-
"This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms"A malicious Android SMS app found on the Google Play Store has been discovered to stealthily harvest text messages in order to create accounts on a variety of platforms such as Facebook, Google, and WhatsApp. The app, Symoo, had more than 100,000…
-
"Trio of New Vulnerabilities Allow Code Manipulation, Denial of Service (And Worse) For Industrial Controllers"Vedere Labs researchers revealed three new security flaws that can be exploited to attack automated industrial controllers and widely used software applied to program millions of smart devices in critical infrastructure. The vulnerabilities, tracked as…
-
"What the Census Bureau Can Learn From the IRS About Detecting Cyberattacks"Separate reports from agency watchdogs revealed the difference proper detection control implementation could make in limiting the impact of attempted cyber intrusions. One report highlighted a foiled ransomware attack against the Internal Revenue Service…