'Randstorm' Bug: Millions of Crypto Wallets Open to Theft
The security vulnerability in a component of a widely used JavaScript implementation of Bitcoin makes passwords guessable via brute-force attacks.
Unpatched Critical Vulnerabilities Open AI Models to Takeover
The security holes can allow server takeover, information theft, model poisoning, and more.
Consumer Software Security Assessment: Should We Follow NHTSA's Lead?
Vehicles are required to meet basic safety standards. Having similar requirements for software would give consumers greater control over their privacy and security.
'CacheWarp' AMD VM Bug Opens the Door to Privilege Escalation
Academics in Germany figured out how to reverse time in AMD virtualization environments, then reap the spoils.
Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass
There's no time to waste: For organizations on the fence about patching the critical bug in ActiveMQ, the new proof-of-concept exploit should push them towards action.
IT Pros Worry That Generative AI Will Be a Major Driver of Cybersecurity Threats
More than two-thirds of cybersecurity decision-makers say GenAI will open new avenues for attack for their businesses.
Detection & Response That Scales: A 4-Pronged Approach
Building a resilient incident response team requires more than a simple combination of tools and on-call rotations.
Hands Off the Security Budget! Find Efficiencies to Reduce Risk
Security budgets will benefit from new priorities and streamlined responses rather than wholesale cost-cutting in light of cyberattacks and increased regulatory requirements.
Actions to Take to Defeat Initial Access Brokers
Initial access brokers (IAB) are often difficult to track. This Tech Tip spells out some countermeasures enterprises need to defend against stolen credentials.
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law...
Scattered Spider Casino Hackers Evade Arrest in Plain Sight
The feds seem to know all about the hacking group brazenly breaking into corporate networks; so why are enterprise teams left on their own to stop their cybercrimes?
British Library Confirms Ransomware Attack Caused Outages
The library said that it expects many of its services to be restored in the forthcoming weeks.
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets
Ransomware group BlackCat/ALPHV files SEC complaint against its latest victim, putting an audacious new twist on cyber extortion tactics.
Leveraging Sandbox and Threat Intelligence Feeds to Combat Cyber Threats
Combining a malware sandbox with threat intelligence feeds improves security detection, analysis, and response capabilities.
A Detection and Response Benchmark Designed for the Cloud
Does your security operation center's performance meet the 5/5/5 benchmark for cloud threat detection and incident response?
How the Evolving Role of the CISO Impacts Cybersecurity Startups
CISOs and vendors must work together to keep up with emerging threats and find solutions, says a group of CISOs and security entrepreneurs.
Saudi Arabia Arms Public Sector With Google Cloud Services
Chronicle CyberShield will be offered as a managed service with security monitoring and Mandiant incident response included.
Enterprise Generative AI Enters Its Citizen Development Era
Business users are building Copilots and GPTs with enterprise data. What can security teams do about it?
Exploited Vulnerabilities Can Take Months to Make KEV List
The Known Exploited Vulnerabilities (KEV) catalog is a high-quality source of information on software flaws being exploited in the wild, but updates are often delayed, which means companies need other...
CISA Launches Pilot Program to Address Critical Infrastructure Threats
CISA expects to extend this program to include up to 100 critical infrastructure entities in its first year.
Amid Military Buildup, China Deploys Mustang Panda in the Philippines
China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.
GenAI Requires New, Intelligent Defenses
Understanding the risks of generative AI and the specific defenses to build to mitigate those risks is vital for effective business and public use of GenAI.
Malware Uses Trigonometry to Track Mouse Strokes
The latest LummaC2 infostealer version includes a novel anti-sandbox trick to avoid detonating when no human mouse movements are detected.
What Healthcare Cybersecurity Leaders Should Know About the FDA's Section...
New cybersecurity regulations from the FDA outline specific steps that medical device companies must take in order to get their devices approved for market.
Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen...
Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November.
AI Helps Uncover Russian State-Sponsored Disinformation in Hungary
Researchers used machine learning to analyze Hungarian media reports and found Russian narratives soured the nation's perspective on EU sanctions and arms deliveries months before the Ukraine invasion.
Maximize Cybersecurity Returns: 5 Key Steps to Enhancing ROI
Cybersecurity isn't a one-time task. It's an ongoing effort that needs regular checks, updates, and teamwork.
Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto
Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.
Major Saudi University to Offer AI, Cybersecurity Studies
University of Jeddah partners with Resecurity to teach cybersecurity skills.
Inside Job: Cyber Exec Admits to Hospital Hacks
Healthcare cyber services executive Vikas Singla admits to hobbling hospital operations, then using the incidents to try and gin up extra business.
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers
No one has turned the job market into an attack surface quite like North Korea, which plays both sides for financial gain and, possibly, espionage.
AutoZone Files MOVEit Data Breach Notice With State of Maine
The company temporarily disabled the application and patched the vulnerability, though affected individuals should still remain vigilant.
Citrix Bleed Bug Inflicts Mounting Wounds, CISA Warns
Patch or isolate now: Organizations in every sector run the risk of hemorrhaging data as opportunistic attacks from LockBit ransomware and others grow.
The 7 Deadly Sins of Security Awareness Training
Stay away from using these tactics when trying to educate employees about risk.
The Persian Gulf's March to the Cloud Presents Global Opportunities
Loosening attitudes about cloud security are expected to create a nearly $10 billion public cloud market in the Middle East by 2027.
Rootkit Turns Kubernetes From Orchestration to Subversion
Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference.
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
Idaho National Nuclear Lab Targeted in Major Data Breach
The laboratory operates a major test reactor, tests advanced nuclear energy concepts, and conducts research involving hydrogen production and bioenergy.
3 Ways to Stop Unauthorized Code From Running in Your Network
As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code.
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions
The Israel-Gaza conflict could expose the region's oil and gas operations to renewed cyberattacks, with global ramifications.
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs
Biometric security on PCs isn't quite as bulletproof as you might think, as the line between sensors and host computers can be tampered with.
Qatar Cyber Agency Runs National Cyber Drills
Qatari organizations participate in cybersecurity exercises to hone their incident response plans and processes.
Web Shells Gain Sophistication for Stealth, Persistence
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTotal.
Generative AI Takes on SIEM
IBM joins CrowdStrike and Microsoft in releasing AI models to cloud-native SIEM platforms.
Fake Browser Updates Targeting Mac Systems With Infostealer
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to macOS users, analysts warn.