Okta revealed that its private GitHub repositories were hacked this monthAmerican identity and access management giant Okta revealed that that its private GitHub repositories were hacked this month. Okta revealed...
Day: December 23, 2022
LastPass: Customer Vault Data Was Taken
LastPass: Customer Vault Data Was TakenMost data was encrypted in cloud storageLeer másMost data was encrypted in cloud storage
ICO Slams Editors for Comments on Journalism Code
ICO Slams Editors for Comments on Journalism CodeUK's privacy regulator says new rules for hacks still being worked outLeer másUK's privacy regulator says new rules for...
Play ransomware attacks use a new exploit to bypass ProxyNotShell mitigations on Exchange servers
Play ransomware attacks use a new exploit to bypass ProxyNotShell mitigations on Exchange serversPlay ransomware attacks target Exchange servers with a new exploit that bypasses Microsoft’s...
North Korea-linked hackers stole $626 million in virtual assets in 2022
North Korea-linked hackers stole $626 million in virtual assets in 2022North Korea-linked threat actors have stolen an estimated $1.2 billion worth of cryptocurrency and other virtual...
A new Zerobot variant spreads by exploiting Apache flaws
A new Zerobot variant spreads by exploiting Apache flawsMicrosoft spotted an upgraded variant of the Zerobot botnet that spreads by exploiting Apache vulnerabilities. Microsoft Threat Intelligence...
President Biden Signs Quantum Cybersecurity Preparedness Act into Law
President Biden Signs Quantum Cybersecurity Preparedness Act into LawThe law sets out requirements for federal agencies to migrate to quantum-secure cryptographyLeer másThe law sets out requirements...
Vice Society ransomware gang is using a custom locker
Vice Society ransomware gang is using a custom lockerThe Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions....
LastPass revealed that encrypted password vaults were stolen
LastPass revealed that encrypted password vaults were stolenThe data breach suffered by LastPass in August 2022 may have been more severe than previously thought. In August password...
TikTok’s Parent Company Admits Using the Platform’s Data to Track Journalists
TikTok's Parent Company Admits Using the Platform's Data to Track JournalistsIn a series of emails seen by several media, ByteDance admitted that some of its former...
BetMGM discloses security breach impacting 1.5 Million customers
BetMGM discloses security breach impacting 1.5 Million customersOnline sports betting company BetMGM suffered a data breach and threat actors offered for sale a database containing the...
An Iranian group hacked Israeli CCTV cameras, defense was aware but didn’t block it
An Iranian group hacked Israeli CCTV cameras, defense was aware but didn’t block itAn Iranian group hacked dozens of CCTV cameras in Israel in 2021 and...
British Newspaper ‘The Guardian’ Targeted by Cyberattack
British Newspaper ‘The Guardian’ Targeted by CyberattackThe British daily newspaper ‘The Guardian’ is facing a serious cyber incident believed to be ransomware. The news was brought...
Vulnerabilities Discovered in Passwordstate Credential Management Solution
Vulnerabilities Discovered in Passwordstate Credential Management SolutionSeveral critical security vulnerabilities have been found in Passwordstate password management solution. The flaws can be leveraged by a cybercriminal...
Threat Actors Hacked LastPass’ Cloud Storage and Stole Customers` Data
Threat Actors Hacked LastPass’ Cloud Storage and Stole Customers` DataMalicious actors succeeded in stealing customer vault data during LastPass` cloud storage breach. According to researchers, for...
FIN7 Hackers Use Checkmarks to Exploit Microsoft Exchange Servers
FIN7 Hackers Use Checkmarks to Exploit Microsoft Exchange ServersTo compromise corporate networks, steal data, and pursue targets for ransomware attacks based on financial size, recent finds...
Sports Betting Company BetMGM Suffered a Data Breach
Sports Betting Company BetMGM Suffered a Data BreachBetMGM, a major player in the sports betting industry, recently reported a data breach in which the personal information...
DuckDuckGo Blocking Google Sign-In Pop Ups on All Sites
DuckDuckGo Blocking Google Sign-In Pop Ups on All SitesThe DuckDuckGo apps and extensions are blocking Google Sign-in pop-ups, removing what it perceives as an annoyance and...
Password Spraying: Definition, How It Works, and How to Stop It
Password Spraying: Definition, How It Works, and How to Stop ItAutomated tools and a huge amount of information available on the dark web make password spraying...
Cybersecurity-as-a-service (CSaaS)
Cybersecurity-as-a-service (CSaaS)As businesses have become increasingly susceptible to cyberattacks, the use of CSaaS has become more important. In this article, we’ll outline what CSaaS is, and...
Trident Ursa aka Gamaredon APT Attack Detection: Russia-Backed Hackers Escalate Offensive Activity by Targeting a Petroleum Refinery in a NATO Country
Trident Ursa aka Gamaredon APT Attack Detection: Russia-Backed Hackers Escalate Offensive Activity by Targeting a Petroleum Refinery in a NATO Country Since russia’s full-scale invasion of...
Probing Weaponized Chat Applications Abused in Supply-Chain Attacks
Probing Weaponized Chat Applications Abused in Supply-Chain AttacksThis report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that...
OWASSRF Exploit Detection: New Exploit Method Abuses Exchange Servers to Bypass ProxyNotShell (CVE-2022-41040 and CVE-2022-41082) Mitigations and Gain RCE
OWASSRF Exploit Detection: New Exploit Method Abuses Exchange Servers to Bypass ProxyNotShell (CVE-2022-41040 and CVE-2022-41082) Mitigations and Gain RCE On December 20, 2022, cybersecurity researchers uncovered...
Forging Ahead in 2023: Insights From Trend Micro’s 2023 Security Predictions
Forging Ahead in 2023: Insights From Trend Micro’s 2023 Security PredictionsIn 2023, cybercriminals and defenders alike will have to move forward with caution in the face...
Trend Joining App Defense Alliance Announced by Google
Trend Joining App Defense Alliance Announced by GoogleTrend Micro’s participation in Google’s App Defense Alliance will ensure the security of customers by preventing malicious apps from...
Ransomware Business Models: Future Pivots and Trends
Ransomware Business Models: Future Pivots and TrendsRansomware groups and their business models are expected to change from what and how we know it to date. In...
Trend Micro Joins Google’s App Defense Alliance
Trend Micro Joins Google’s App Defense AllianceTrend Micro will be joining Google's App Defense Alliance (ADA) to help improve their ability to identify malicious apps before...
Agenda Ransomware Uses Rust to Target More Vital Industries
Agenda Ransomware Uses Rust to Target More Vital IndustriesThis year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda's Rust variant...
Don’t click too quick! FBI warns of malicious search engine ads
Don’t click too quick! FBI warns of malicious search engine adsThe FBI is warning US consumers that cybercriminals are placing ads in search engine results that...
A Closer Look at Windows Kernel Threats
A Closer Look at Windows Kernel ThreatsIn this blog entry, we discuss the reasons why malicious actors choose to and opt not to pursue kernel-level access...