News
-
"Scattered Spider Pivots to SaaS Application Attacks"Recent attacks on customer accounts hosted by the Snowflake data warehousing platform suggest that threat actors are shifting to targeting Software-as-a-Service (SaaS) application environments.
-
"92% of Organizations Hit by Credential Compromise from Social Engineering Attacks"According to a new Barracuda report, in 2023, about 92 percent of organizations faced an average of six credential compromises due to email-based social engineering attacks.
-
"New BadSpace Backdoor Deployed in Drive-By Attacks"According to G Data CyberDefense, a backdoor dubbed "BadSpace" is being distributed using a multi-stage attack chain involving infected WordPress websites.
-
"Report Reveals Record Exploitation Rate For Load Balancers"According to Action1, threat actors are increasingly targeting edge devices known as load balancers. A load balancer distributes connections from clients between a set of servers.
-
"Fake Google Chrome Errors Trick You Into Running Malicious PowerShell Scripts"A malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into installing malware through malicious PowerShell "fixes." The new campaign has been used by multiple threat actors, including those behind "ClearFake,
-
"Malware Peddlers Love This One Social Engineering Trick"Proofpoint researchers warn of a clever social engineering method to deliver malware.
-
"Chinese Hackers Leveraged Legacy F5 BIG-IP Appliance for Persistence"Sygnia reports that a Chinese state-sponsored threat actor dubbed "Velvet Ant" used a legacy F5 BIG-IP appliance to access a victim organization's network for three years.
-
"Academics Develop Testing Benchmark for LLMs in Cyber Threat Intelligence"Rochester Institute of Technology (RIT) researchers created CTIBench, the first benchmark designed for assessing the performance of Large Language Models (LLMs) in Cyber Threat Intelligence (CTI) applications.
-
"New TikTag Attack Targets Arm CPU Security Feature"A team of researchers from Seoul National University, Samsung Research, and the Georgia Institute of Technology revealed a new speculative execution attack called "TikTag" targeting a hardware security feature in Arm CPUs.
-
"Truist Bank Confirms Breach After Stolen Data Shows up on Hacking Forum"Truist Bank has recently confirmed that its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum.
-
"Quarter of Firms Suffer an API-Related Breach"In a new study conducted by researchers at Salt Security, 250 respondents were pooled across various job responsibilities, industries, and company sizes globally to compile a new report titled "State of API Security Report 2024." The researchers found
-
"Fake Meeting Software Spreads macOS Infostealer"Security researchers at Insikt Group recently observed a widespread malicious campaign targeting cryptocurrency users and involving Vortax, a fake virtual meeting software.