A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024,…
Category: EN
Well-Established Cybercriminal Ecosystem Blooms in Iraq
Researchers have uncovered a well-established cybercriminal ecosystem connected to a Telegram bot, with over 90,000 Arabic messages dating back to 2022, enabling a sophisticated network offering social media manipulation and financial theft services. This article has been indexed from Cyware…
Rite Aid Says Hack Impacts 2.2M People as Ransomware Gang Threatens to Leak Data
Pharmacy chain Rite Aid says 2.2 million people are impacted by a recent data breach for which the RansomHub group has taken credit. The post Rite Aid Says Hack Impacts 2.2M People as Ransomware Gang Threatens to Leak Data appeared…
Invicti API Security uncovers hidden and undocumented APIs
Invicti announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution. The growth of service-based architectures has driven an explosion in APIs, creating yet another expanding attack surface for security teams to address. As…
OpenText Cloud Editions 24.3 elevates human potential
OpenText announced its latest product innovations with Cloud Editions (CE) 24.3. This release represents a significant leap forward in integrating advanced information management capabilities, trusted cloud solutions, robust security measures, and AI to optimize data performance for simpler, but superior,…
CISA: Patch Critical GeoServer GeoTools Bug Now
CISA has told federal agencies to patch a critical GeoServer GeoTools vulnerability under active exploitation This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA: Patch Critical GeoServer GeoTools Bug Now
Six years into our housing commitment: Where are we now?
Through an interactive story map, learn more about Cisco’s commitment to address homelessness, progress made over the last six years, what’s next, and how you can help. This article has been indexed from Cisco Blogs Read the original article: Six…
Kubernetes Exposed: Exploiting the Kubelet API
Real-world attacks have been observed where attackers target the Kubelet API to steal secrets and gain control over clusters. Various techniques, such as environment discovery, network scanning, and secrets collection, have been utilized by hackers. This article has been indexed…
Red Hat OpenShift enhancements help organizations connect their disparate, diverse workloads
Red Hat introduced new capabilities and enhancements for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes, as well as the general availability of Red Hat Advanced Cluster Security Cloud Service. The new features, delivered with the general…
The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal
Microsoft said that in Q2 2024, the Octo Tempest cybercrime gang added RansomHub and Qilin ransomware to its arsenal. In the second quarter of 2024, financially motivated threat actor Octo Tempest (aka Scattered Spider, UNC3944, and 0ktapus), added RansomHub and Qilin…
Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks
The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that’s known for its sophisticated social engineering…
Amazon to build a $2 billion secret data center for Australian Military Intelligence
The Australian Signals Directorate has partnered with Amazon, the American technology giant, to establish a highly secure data center aimed at safeguarding military information from illicit access on the dark web. The project, estimated to cost over $2 billion under…
Securing the Paris Olympic Games 2024: Ensuring Cyber Protection
As Paris gears up to host the 2024 Olympic Games, the city and its organizers face a monumental task not only in ensuring the safety and smooth operation of the physical events but also in safeguarding against potential cyber threats.…
Why SMB Security Needs Efficient Device Management
SMBs are increasingly becoming the cyberattacker’s goldmine. Device management is one way to stay ahead of malicious actors and protect your crown data jewels. The post Why SMB Security Needs Efficient Device Management appeared first on Security Boulevard. This article…
How Much Does Penetration Testing Cost?
Curious about how much penetration testing costs? You understand its importance, but budgeting for different pentests can be a challenge. This blog post will guide you through the intricacies of… The post How Much Does Penetration Testing Cost? appeared first…
Critical Apache HugeGraph Vulnerability Under Attack – Patch ASAP
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has…
NSFOCUS Recognized in Forrester’s Enterprise Firewall Landscape Report, Q2 2024
SANTA CLARA, Calif., July 17, 2024 – NSFOCUS, a leading cybersecurity company, is proud to announce its inclusion in the prestigious The Enterprise Firewall Landscape, Q2 2024 report by Forrester, a globally recognized research and advisory firm. NSFOCUS has been…
Report Identifies More Than 250 Evil Twin Mobile Applications
The Satori Threat Intelligence Team funded by HUMAN Security, a provider of a platform thwarting bot-based attacks, today disclosed it has uncovered a massive ad fraud operation involving the setting up of “evil twins” of applications found in the Google…
Overlooked essentials: API security best practices
In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta recommends role-based access…
SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain takeover tools. “SubSnipe does some additional verification after the fingerprinting to find candidates more likely…