Security researchers at the CERT Coordination Center (CERT/CC) at Carnegie Mellon University have discovered a critical vulnerability in the SMA Technologies OpCon UNIX agent resulting in the same SSH key being deployed with all installations. OpCON is…

Delivery services provider Yodel says it is working on restoring operations after falling victim to a disruptive cyberattack.  Yodel is one of the largest couriers in the United Kingdom and was initially known as the Home Delivery Network, but it…

Over the last decade, distributed ledger technology, such as blockchains, has become more prevalent in various contexts. The idea is that blockchains operate securely without centralized control and are unsusceptible to change. The Defense Advanced…

Security researcher Filip Dragovic published a new DFSCoerce Windows NTLM relay attack that uses MS-DFSNM (Microsoft’s Distributed File System) to take over Windows domains.  Dragovic posted on a GitHub page detailing his findings.  Microsoft…

According to new research conducted by the non-profit Identity Defined Security Alliance (IDSA), the number of security breaches stemming from stolen or compromised identities has reached epidemic proportions.  The IDSA polled 500 US identity and…

A recently discovered Magecart skimming campaign has origins in an earlier attack activity dating back to November 2021. Magecart is a cybercrime syndicate made up of dozens of subgroups specializing in cyberattacks involving digital credit card theft…

Europol recently announced that police have dismantled a cybercrime group that made millions of euros through phishing and other types of schemes. The operation was conducted by police in Belgium and the Netherlands, with support from Europol. The…

QNAP has issued a warning to customers that some of its Network Attached Storage (NAS) devices (with non-default configurations) are vulnerable to attacks that take advantage of a three-year-old critical PHP vulnerability, which allows Remote Code…

According to the Ukrainian Computer Emergency Response Team (CERT-UA), Russian hacker gangs have been using the Follina code execution vulnerability in recent phishing attempts to install the CredoMap malware and Cobalt Strike beacons. The APT28 hacking…

Criminals are performing voice phishing (vishing) attacks to trick people in the US military and technology organizations into revealing credentials for Microsoft Office 365 software and Outlook email accounts. According to US security firm Zscaler,…

Gartner has unveiled the top 8 cybersecurity predictions for 2022 through 2023. Richard Addiscott, Senior Director Analyst, and Rob McMillan, Managing Vice President at Gartner, discussed the top predictions prepared by Gartner cybersecurity experts to…

With advancements in computer vision and Machine Learning (ML), various technologies can now do complex tasks with little or no human oversight. Many computer systems and robots use visual information to make critical decisions, from autonomous drones…