CSO
Most attacks affecting SMBs target five older vulnerabilities
Attackers target flaws for a reason: Even years after they are discovered, they still work.
The Hacker News
Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
Popular Linux compression tool XZ Utils found with backdoor. Threat actors can remotely execute code on your machine, bypassing authentication.
The Hacker News
3 Things CISOs Achieve with Cato
CISOs globally are turning to Cato SSE 360 for seamless SASE and SSE transitions, achieving top results in visibility, threat prevention, and data sov
The Record
FritzFrog botnet is exploiting Log4Shell bug now, experts say
Researchers at Akamai say the FritzFrog botnet, first spotted in 2020, has a new variant that looks for ways to get deeper into networks.
The Record
The nature of bug bounty programs is changing, and their ‘auntie’ is worried
Katie Moussouris talks with the Click Here podcast team about China's vulnerability disclosure rules, how an EU proposal has similar aspects, and why she believes these kinds of regulations will only make the internet less safe for everyone.
CSO
Cloudflare report: Log4j remains top target for attacks in 2023...
The company warns that HTTP/2 Rapid Reset is emerging as significant new vulnerability.
Computerworld
Internet traffic soars in 2023, with generative AI a standout trend: Report
In its annual overview of online trends, Cloudflare reports Google remains the most popular site, while OpenAI takes the lead in generative AI services.
Bleeping Computer
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug...
The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang.
The Hacker News
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans...
Lazarus Group launched a new global campaign involves exploiting security flaws in Log4j to deploy previously...
The Record
North Korean hackers using Log4J vulnerability in global campaign...
Hackers connected to North Korea’s Lazarus Group have been exploiting the Log4j vulnerability in a campaign...
The Record
Long-running Clearview AI class action biometric privacy case settles
The terms of the settlement are not yet public. Plaintiffs had sued Clearview AI under Illinois' biometric privacy law.
Bleeping Computer
Over 30% of Log4J apps use a vulnerable version of the library...
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security...
The Hacker News
Discover Why Proactive Web Security Outsmarts Traditional Antivirus Solutions
Don't Rely on Antivirus Alone. Discover why proactive web security is crucial in the ever-changing digital landscape.
The Hacker News
Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking
🚨 Bitcoin wallets created from 2011 to 2015 vulnerable to "Randstorm" exploit, potentially allowing unauthorized access by recovering passwords.
Trend Micro
Zero Day Threat Protection for Your Network
Explore the world of zero day threats and gain valuable insight into the importance of proactive detection and remediation.
Bleeping Computer
Iranian hackers lurked in Middle Eastern govt network for 8 months
The Iranian hacking group tracked as MuddyWater (aka APT34 or OilRig) breached at least twelve computers belonging to a Middle Eastern government network and maintained access for eight months between February and September 2023.
The Record
Iran-backed hackers dwelled for 8 months in Mideast government’s system, report says
Cybersecurity firm Symantec attributed the campaign to a group it calls Crambus but others refer to as APT34, OilRig or MuddyWater.
Ars Technica
How DDoSers used the HTTP/2 protocol to deliver attacks of unprecedented size
More than 8 years after the adoption of HTTP/2, DDoSers devise rapid reset attack.
Trend Micro
Exposing Infection Techniques Across Supply Chains and Codebases
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
The Record
Suspected China-based hackers target Middle Eastern telecom, Asian government
Hackers targeted a Middle Eastern telecom organization and an Asian government in a recent spying operation, according to a report published Thursday.
The Record
Vulnerability in popular ‘libwebp’ code more widespread than expected
Initial alerts about a bug in the obscure but widely used libwebp library have expanded into concerns that it affects not only web browsers like Chrome, but also many other common pieces of software.
The Hacker News
Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic
Dive into the world of cyber threats with our Network Effect Threat Report. Learn about multi-customer attacks and which industries are most targeted.
CSO
Sysdig unveils cloud attack graph based on real-time threat data
Sysdig also announced a new cloud inventory and agentless scanning capabilities to tackle cloud security risks.
The Hacker News
Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
Gold Melody, the financially motivated cyber group, is selling access to compromised organizations for ransomware attacks.
The Hacker News
Do You Really Trust Your Web Application Supply Chain?
Discover how supply chain vulnerabilities can compromise your business.
CSO
Orca’s new LLM tool to help detect Log4j-like exploits...
Orca Security’s new search tool takes natural language queries to hunt for Log4j-like vulnerabilities...
The Hacker News
CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities
CISA Warns of Nation-State Cyber Threats. Numerous actors leveraging vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho.
CSO
Customer-configured rules now the biggest contributor to mitigated traffic
New research also shows old CVEs are still exploited en masse with HTTP anomalies the most common API attack vector.
The Hacker News
How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes
Learn best practices for assessing OAuth risks in your organization.
Bleeping Computer
US cyber safety board to analyze Microsoft Exchange hack of govt emails
The Department of Homeland Security's Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies.
The Record
Microsoft Exchange hack is focus of cyber board’s next review
The China-linked attack on Microsoft email services will get a full review by the Cyber Safety Review Board, the Department of Homeland Security announced.
The Record
White House, CISA call for help with security of open source software
The White House and a handful of government agencies on Thursday called for experts to help them create policies around the cybersecurity of open source software and promote the use of more security programming languages.
The Record
US should crack down on SIM swapping following Lapsus$ attacks: DHS review
In its latest report, the Cyber Safety Review Board called on the FCC and FTC to strengthen their oversight and enforcement activities around SIM swapping.
The Record
Senator calls on DOJ to investigate alleged China hack of Microsoft cloud tools
A leading U.S. senator asked the Justice Department and several other agencies to investigate a recent hack of Microsoft-provided email accounts used by top government officials.
The Record
Open-source supply chain attacks expand to the banking sector
Researchers at Checkmarx said they investigated two separate incidents involving banks that appear to be the first of their kind.
Bleeping Computer
New proxyjacking attacks monetize hacked SSH servers’ bandwidth
Attackers behind an ongoing series of proxyjacking attacks are hacking into vulnerable SSH servers exposed online to monetize them through services that pay for sharing unused Internet bandwidth.
CSO
Command-and-control framework PhonyC2 attributed to Iran’s Muddywater group
PhonyC2 was used to exploit the log4j vulnerability in the Israeli software SysAid, the attack against...
Bleeping Computer
New EarlyRAT malware linked to North Korean Andariel hacking group
Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group.
The Hacker News
North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
Andariel, affiliated with North Korea's Lazarus Group, strikes with EarlyRat malware exploiting Log4j...
Trend Micro
Rapture, a Ransomware Family With Similarities to Paradise
In March and April 2023, we observed a type of ransomware targeting its victims via a minimalistic approach with tools that leave only a minimal footprint behind. Our findings revealed many of the preparations made by the perpetrators and how quickly they managed to carry out the ransomware attack.
CSO
Google launches dependency API and curated package repository with security metadata
With the two new services, Google aims to help minimize risk from malicious code in the software supply chain.
The Hacker News
Sorting Through Haystacks to Find CTI Needles
Discover the limitations of honeypots, CDN providers & EDR/XDR in cybersecurity intelligence.
The Hacker News
The Different Methods and Stages of Penetration Testing
Penetration testing is an essential tool for identifying, analyzing, and mitigating security risks.
CSO
Top 10 open source software risks for 2023
While open source software is the bedrock of modern software development, it is also the weakest link in the software supply chain, according to a report by Endor Labs.
The Record
Multiple Chinese APTs are attacking European targets, EU cyber agency warns
The EU's cybersecurity agency says several Chinese military hacking groups are targeting European businesses and other organizations.
The Hacker News
North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations
North Korea is conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities.
The Hacker News
3 Overlooked Cybersecurity Breaches
Stay ahead of the game with the latest predictions for 2022's most concerning cybersecurity breaches, attacker tactics, and techniques.
The Record
Microsoft accuses Iran's government of cyber operation against Charlie Hebdo
Microsoft says the data breach of Charlie Hebdo was retaliation for the satire publication's call for drawings of Iran's leader, Ali Khamenei.
Bleeping Computer
Buggy Microsoft Defender ASR rule deletes Windows app shortcuts
Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu, and the taskbar and, in some cases, render existing shortcuts unusable as they couldn't be used to launch the linked apps.
The Record
Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure.
Researchers in China are claiming a breakthrough in quantum computing, figuring out how to break the RSA public-key encryption system.
CSO
Log4Shell remains a big threat and a common cause for security breaches
Log4Shell is likely to remain a favored vulnerability to exploit as organizations lack visibility into their software supply chains.
Ars Technica
Microsoft discovers Windows/Linux botnet used in DDoS attacks
MCCrash is specially designed to take down Minecraft servers and performs other DDoSes.
CSO
Dozens of cybersecurity efforts included in this year’s US NDAA
Cybersecurity initiatives included in the US National Defense Authorization Act for 2023 include increased funding for Cybercom’s hunt-forward operations.
ZDNet
Singapore wants all critical infrastructures to be ready for cyber threats
That requires a strong focus on operational technology security, since generic cyber hygiene practices will not address risks specific to each of these critical sectors.
The Hacker News
Google Launches Largest Distributed Database of Open Source Vulnerabilities
Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about v
The Hacker News
Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver
Iranian nation-state hackers are using a new custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected
ZDNet
We are still failing to learn the most important lesson in cybersecurity. That needs to change, fast
We know the problems and the answers. So why do so few organisations act?
The Record
DHS cyber safety board to probe Lapsus$ hacks
The Homeland Security Department on Friday announced its cyber review board would investigate a series of high-profile breaches attributed to the Lapsus$ group, a prolific global data extortion gang run by teenagers.
ZDNet
Not patched Log4j yet? Assume attackers are in your network, say CISA and FBI...
Almost a year on from Log4j's disclosure, a joint alert by CISA and the FBI warns organizations that if they haven't protected their systems against it yet, they really need to now.
The Hacker News
Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit
Iranian government-sponsored hackers have been blamed for compromising a U.S. federal agency by exploiting the Log4Shell vulnerability.
The Record
FBI Director warns of potential Chinese gov’t exploitation of TikTok
The director of the FBI warned Congress about the ways the Chinese government may weaponize the popularity of TikTok.
ZDNet
Cybersecurity: These are the new things to worry about in 2023
Today's security problems are still to be fixed. But evolving technologies and a fast-changing world mean there are new challenges, too.
The Record
Microsoft accuses China of abusing vulnerability disclosure requirements
Microsoft accused state-backed hackers in China of abusing the country’s vulnerability disclosure requirements to develop zero-day exploits.
Trend Micro
Comprehensive Traceability for Android Supply-Chain Security
We discuss the importance of traceability in the world of mobile operating systems.
Trend Micro
Attack Surface Management 2022 Midyear Review Part 2
In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the first half of the year.
The Hacker News
Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability
Researchers have detected active exploitation attempts targeting the recently disclosed critical RCE vulnerability (CVE-2022-42889) in Apache Commons
Bleeping Computer
US govt shares top flaws exploited by Chinese hackers since 2020
NSA, CISA, and the FBI revealed today the top security vulnerabilities most exploited by hackers backed by the People's Republic of China (PRC) to target U.S. government and critical infrastructure networks.
Bleeping Computer
Cheerscrypt ransomware linked to a Chinese hacking group
The Cheerscrypt ransomware has been linked to a Chinese hacking group named 'Emperor Dragonfly,' known to frequently switch between ransomware families to evade attribution.
The Hacker News
Researchers Link Cheerscrypt Linux-Based Ransomware to Chinese Hackers
Researchers have attributed a recently discovered Linux-based ransomware known as Cheerscrypt to "Emperor Dragonfly," a Chinese cyber espionage group.
The Record
Senate panel approves open-source software bill, though future unclear
The Senate Homeland Security Committee on Wednesday easily approved legislation to better secure open-source software.
The Record
Cyberspace Solarium Commission calls for sustained investment in defense
Despite having taken “significant steps” to strengthen the country's defenses against digital threats, the progress must be a "prelude" to further changes, the Cyberspace Solarium Commission urged Wednesday.
The Record
White House: U.S. agencies have 90 days to create inventory of all software
The White House told agencies this week that they have 90 days to create a full inventory of the products they use.
The Record
U.S. gov’t unveils sanctions, charges, bounties on Iranian ransomware actors
The U.S. government unveiled a slate of sanctions, charges and bounties related to a group of Iranian nationals accused of launching ransomware attacks in the U.S. and abroad.
CSO
North Korean state-sponsored hacker group Lazarus adds new RAT to its malware toolset
Lazarus has used the new remote access Trojan in campaigns that exploit the Log4Shell vulnerability and target energy companies.
The Hacker News
Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group
Microsoft warns of a subgroup of the Iranian threat actor Phosphorus that has been conducting ransomware attacks as a "form of moonlighting."
The Hacker News
Google Launches New Open-Source Bug Bounty to Tackle Supply Chain Attacks
Google has introduced a new bug bounty program for open source projects, with payouts ranging from $100 to $31,337 to tackle supply chain attacks.
The Record
Google announces open source vulnerability reward program after Log4j, Codecov issues...
Google announced on Tuesday that it is launching an open source software vulnerability bug bounty program, offering rewards from $100 to $31,337.
The Hacker News
Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations...
Iranian state-sponsored actors are leveraging unpatched Log4j systems to target Israeli entities....
Bleeping Computer
Microsoft: Iranian hackers still exploiting Log4j bugs against Israel...
Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian...
The Record
Cyber insurers weigh in on latest cybersecurity trends, threats
According to the U.S Government Accountability Office, the rate of businesses getting cyber insurance has doubled recently, from 26% in 2016 to 47% in 2020.
ThreatPost
Black Hat and DEF CON Roundup
‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
The Record
DHS undersecretary: Log4j problem is not over, may take ‘a decade or longer’...
The controversy and concern around Log4j is far from over, according to the chair of Homeland Security's...
The Hacker News
Resolving Availability vs. Security, a Constant Conflict in IT
Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology.
ThreatPost
VMWare Urges Users to Patch Critical Authentication Bypass Bug
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
ThreatPost
Malicious Npm Packages Tapped Again to Target Discord Users
Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods.
Bleeping Computer
LockBit ransomware abuses Windows Defender to load Cobalt Strike
Security analysts have observed an affiliate of the LockBit 3.0 ransomware operation abusing a Windows Defender command line tool to decrypt and load Cobalt Strike beacons on the target systems.
Bleeping Computer
LockBit operator abuses Windows Defender to load Cobalt Strike
Security analysts have observed an affiliate of the LockBit 3.0 ransomware operation abusing a Windows Defender command line tool to decrypt and load Cobalt Strike beacons on the target systems.
CSO
Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”...
The CSRB report predicts the Log4J risk will continue for years and offers best practices for mitigating...
Trend Micro
Private 5G Network Security Expectations Part 3
How to secure your private 5G networks; The challenge of complex ecosystem in DX.
ThreatPost
Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.
Trend Micro
Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware
We analyzed cases of a Log4Shell vulnerability being exploited in certain versions of the software VMware Horizon. Many of these attacks resulted in data being exfiltrated from the infected systems. However, we also found that some of the victims were infected with ransomware days after the data exfiltration.
ThreatPost
Gamification of Ethical Hacking and Hacking Esports
Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, explores why gamified platforms and hacking esports are the future.
The Hacker News
Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning
This article will go in-depth on the strengths and weaknesses of each approach, agent-based and network-based vulnerability scanning.
CSO
Software supply chain security fixes gain prominence at RSA
Attendees are urged to improve asset management, use SBOMs, and collaborate with government cybersecurity agencies to better ensure software integrity.
The Hacker News
Researchers Find New Malware Attacks Targeting Russian Government Entities
Researchers have discovered a new cyberattack campaign targeting Russian government entities with at least four separate spear phishing campaigns.
Bleeping Computer
Hackers target Russian govt with fake Windows updates pushing RATs
Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware.
ThreatPost
Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches
Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.
ZDNet
SolarWinds ready to move past breach and help customers manage theirs | ZDNet
Acknowledging that 2021 was a tough year, SolarWinds CEO says it has bolstered its build model and expanded its systems monitoring capabilities so customers can better manage the complexities of hybrid cloud environments.
ThreatPost
Closing the Gap Between Application Security and Observability
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.
ThreatPost
380K Kubernetes API Servers Exposed to Public Internet
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.