VMware warns of critical code execution bugs in vRealize Log InsightA critical vulnerability in VMware vRealize Log Insight appliance can allow an unauthenticated attacker to take...
Month: January 2023
Security Analysis of Threema
Security Analysis of ThreemaA group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based...
Chinese hackers targeted Iranian government entities for months: Report
Chinese hackers targeted Iranian government entities for months: ReportChinese advanced persistent threat actor, Playful Taurus, targeted several Iranian government entities between July and December 2022, according...
Real-World Steganography
Real-World SteganographyFrom an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid...
Publisher’s Weekly Review of A Hacker’s Mind
Publisher’s Weekly Review of A Hacker’s MindPublisher’s Weekly reviewed A Hacker’s Mind—and it’s a starred review! “Hacking is something that the rich and powerful do, something...
Friday Squid Blogging: Another Giant Squid Captured on Video
Friday Squid Blogging: Another Giant Squid Captured on VideoHere’s a new video of a giant squid, filmed in the Sea of Japan. I believe it’s injured....
Experian Glitch Exposing Credit Files Lasted 47 Days
Experian Glitch Exposing Credit Files Lasted 47 DaysOn Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how...
DragonSpark threat actor avoids detection using Golang source code Interpretation
DragonSpark threat actor avoids detection using Golang source code InterpretationChinese threat actor tracked as DragonSpark targets organizations in East Asia with a Golang malware to evade...
No-Fly List Exposed
No-Fly List ExposedI can’t remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed...
Bulk Surveillance of Money Transfers
Bulk Surveillance of Money TransfersJust another obscure warrantless surveillance program. US law enforcement can access details of money transfers without a warrant through an obscure surveillance...
US Cyber Command Operations During the 2022 Midterm Elections
US Cyber Command Operations During the 2022 Midterm ElectionsThe head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organization’s...
On Alec Baldwin’s Shooting
On Alec Baldwin’s ShootingWe recently learned that Alec Baldwin is being charged with involuntary manslaughter for his accidental shooting on a movie set. I don’t know...
French rugby club Stade Français leaks source code
French rugby club Stade Français leaks source codePrestigious club Stade Français potentially endangered its fans for over a year after leaking its website’s source code. Stade...
How Hackers Used Legitimate Software to Breach U.S. Federal Agencies
How Hackers Used Legitimate Software to Breach U.S. Federal AgenciesA phishing scam using legitimate remote monitoring and management (RMM) software was used to target at least...
Many ICS flaws remain unpatched as attacks against critical infrastructure rise
Many ICS flaws remain unpatched as attacks against critical infrastructure risePatching vulnerabilities in industrial environments has always been challenging due to interoperability concerns, strict uptime requirements,...
Driving Business Growth in Turbulent Times from CISO’s Perspective: Part II
Driving Business Growth in Turbulent Times from CISO’s Perspective: Part II Dive Into our Hubs Initiative as an Alternative to Remote Work Strategy: What’s Behind the...
North Korea-linked TA444 group turns to credential harvesting activity
North Korea-linked TA444 group turns to credential harvesting activityNorth Korea-linked TA444 group is behind a credential harvesting campaign targeting a number of industry verticals. Proofpoint researchers...
Infrastructure-as-Code Security: a Critical Responsibility
Infrastructure-as-Code Security: a Critical ResponsibilityBy Thomas Segura, Technical Content Writer, GitGuardian By large, software is still in its adolescence compared to other large-scale industries. Although its...
Google Chrome 109 update addresses six security vulnerabilities
Google Chrome 109 update addresses six security vulnerabilitiesGoogle addressed six security vulnerabilities in its web browser Chrome, none of them actively exploited in the wild. Google...
Been hit by BianLian ransomware? Here’s your get-out-of-jail-free card
Been hit by BianLian ransomware? Here's your get-out-of-jail-free cardAvast issues a free decryptor so victims can get their data back Cybersecurity firm Avast has released a...
Zacks Investment Research data breach impacted hundreds of thousands of customers
Zacks Investment Research data breach impacted hundreds of thousands of customersZacks Investment Research (Zacks) disclosed a data breach, the security may have exposed the data of...
T-Mobile suffers 8th data breach in less than 5 years
T-Mobile suffers 8th data breach in less than 5 yearsTelecom player T-Mobile US has suffered a cybersecurity incident that resulted in the exposure of the personal...
Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394)
Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394)Experts warn of a spike in the attacks that between August and October...
Wallarm touts API leak protection with new scanning feature
Wallarm touts API leak protection with new scanning featureAPI security company Wallarm announced Frdiay that it had opened a preview period for its newest offering —...
The metaverse brings a new breed of threats to challenge privacy and security gatekeepers
The metaverse brings a new breed of threats to challenge privacy and security gatekeepersThe metaverse is coming; businesses and government agencies are already building virtual worlds...
US Supreme Court leak investigation highlights weak and ineffective risk management strategy
US Supreme Court leak investigation highlights weak and ineffective risk management strategyThe Supreme Court of the United States (SCOTUS) has announced that its investigation to find...
Attackers exploiting critical flaw in many Zoho ManageEngine products
Attackers exploiting critical flaw in many Zoho ManageEngine productsUsers of on-premises deployments of Zoho ManageEngine products should make sure they have patches applied for a critical...
Nvidia targets insider attacks with digital fingerprinting technology
Nvidia targets insider attacks with digital fingerprinting technologyNvidia today announced that a digital lab playground for its latest security offering is now available, letting users try...
Australia fronts International Counter Ransomware Taskforce
Australia fronts International Counter Ransomware TaskforceThe International Counter Ransomware Taskforce (ICRTF), envisioned by the International Counter Ransomware Initiative (CRI), kicked off its operations on Monday with Australia...
Guide: How MSSPs and vCISOs can extend their services into compliance readiness without increasing cost
Guide: How MSSPs and vCISOs can extend their services into compliance readiness without increasing costCompliance services are emerging as one of the hottest areas of cybersecurity. ...