Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues […]
Read moreCategory: Cyber Security
Former Twitter Employee Found Guilty of Spying for Saudi Arabia
A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that […]
Read moreExperts Uncover Details on Maui Ransomware Attack by North Korean Hackers
The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company. The […]
Read moreCISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities […]
Read moreTwilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack
Customer engagement platform Twilio on Monday disclosed that a “sophisticated” threat actor gained “unauthorized access” using an SMS-based phishing campaign aimed at its staff to […]
Read moreU.S. Sanctions Virtual Currency Mixer Tornado Cash for Alleged Use in Laundering
The U.S. Treasury Department on Monday placed sanctions against crypto mixing service Tornado Cash, citing its use by the North Korea-backed Lazarus Group in the […]
Read moreResearchers Uncover Classiscam Scam-as-a-Service Operations in Singapore
A sophisticated scam-as-a-service operation dubbed Classiscam has now infiltrated into Singapore, more than 1.5 years after expanding to Europe. “Scammers posing as legitimate buyers approach […]
Read moreThe Benefits of Building a Mature and Diverse Blue Team
A few days ago, a friend and I were having a rather engaging conversation that sparked my excitement. We were discussing my prospects of becoming […]
Read moreNew Orchard Botnet Uses Bitcoin Founder’s Account Info to Generate Malicious Domains
A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto’s account transaction information to generate domain names to conceal its command-and-control (C2) […]
Read moreMeta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook
Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware […]
Read moreA Growing Number of Malware Attacks Leveraging Dark Utilities ‘C2-as-a-Service’
A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised […]
Read moreNew IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. “This family borrows […]
Read moreSlack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users
Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or […]
Read moreHackers Exploit Twitter Vulnerability to Exposes 5.4 Million Accounts
Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform. […]
Read moreResolving Availability vs. Security, a Constant Conflict in IT
Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology. Resolving these conflicts […]
Read moreIranian Hackers likely Behind Disruptive Cyberattacks Against Albanian Government
A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July […]
Read moreEmergency Alert System Flaws Could Let Attackers Transmit Fake Messages
The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. If left unpatched, the issues […]
Read moreCISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited […]
Read moreWho Has Control: The SaaS App Admin Paradox
Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization’s external admin attempts to disable MFA for themselves. They don’t think […]
Read moreCritical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers
As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if […]
Read more