Tag: Information Security Buzz

Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that targets users by infecting Xcode projects. While the latest variant has only been observed in limited attacks, security researchers warn that its enhanced capabilities…

Read more →

As entities of every sector move more apps and workloads to the cloud, security is becoming a top priority. Microsoft Azure, one of the world’s most popular cloud platforms, provides a range of security tools and best practices to help…

Read more →

Jeremiah Fowler, an experienced cybersecurity researcher at vpnMentor and co-founder of Security Discovery, has uncovered a massive data exposure involving nearly 2.7 billion records linked to Mars Hydro, a China-based manufacturer of IoT-enabled grow lights.   The breach, which included sensitive…

Read more →

In MS SQL Server, master database is the primary database that stores system information. This includes login details, linked servers, endpoints, system configurations, existence of other databases, etc. If the master database gets corrupted or damaged, the SQL Server service…

Read more →

eSentire’s Threat Response Unit (TRU) has uncovered a new cyber espionage campaign leveraging a legitimate Adobe executable to sideload the EarthKapre/RedCurl loader. The attack specifically targeted a firm in the Legal Services industry, highlighting the group’s persistent focus on corporate…

Read more →

Two years ago this summer, I became a single mum. It was a bit of a hectic time. I was pregnant with my second child, and my toddler was full of energy. I needed to quickly learn how to balance…

Read more →

Midsized to large organizations often employ a large number of tools and have many interconnected relationships with other organizations and external users. With a complex network of technologies, users, and partners, it can be challenging to maintain control over every…

Read more →

Espionage actors linked to China may be diversifying their operations, as new evidence points to the use of espionage tools in a recent ransomware attack against a South Asian software and services company.   Symantec Threat Intelligence reports that the attack,…

Read more →

The Inside Man is security training like no other. Now in its sixth season, KnowBe4’s Netflix-style security awareness video series boasts a compelling storyline, memorable characters, and, most noticeably, a budget other training providers could only dream of. But does…

Read more →

As people celebrate Valentine’s Day today, malicious actors are jumping on the love bandwagon in an opportunity to exploit heightened emotions and consumer spending with a wave of scam emails.  According to the latest findings from Bitdefender Antispam Lab, a…

Read more →

Storytelling is one of the most ancient and effective forms of human teaching. Just like prehistoric tales warned of the perils lurking in the wild, modern narratives can teach people about the perils lurking in cyberspace. We recently sat down…

Read more →

The growing momentum behind business innovation, particularly in the realm of AI and data, is increasingly driving how businesses operate, invest, and deliver value. Whilst this may not appear different from previous years, the proliferation of new technologies and tools…

Read more →

The Russia-linked threat actor known as Seashell Blizzard has assigned one of its subgroups to gain initial access to internet-facing infrastructure and establish long-term persistence within targeted entity, a Microsoft report has revealed.  Also dubbed APT44, BlackEnergy Lite, Sandworm, Telebots,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new Secure by Design Alert warning about the risks posed by buffer overflow vulnerabilities in software.   The alert, titled “Eliminating Buffer Overflow Vulnerabilities,”…

Read more →

Small and medium-sized businesses are highly vulnerable to Business Email Compromise (BEC) attacks. Threat actors are evolving, exploiting human error and trust while leveraging automation tools and AI. To shed light on this evolving threat, Information Security Buzz spoke with…

Read more →

In the short time since its debut, DeepSeek has made waves in the AI industry, garnering praise as well as scrutiny. The model’s meteoric rise has fueled debate over its claimed efficiency, intellectual property worries, and its general reliability and…

Read more →

Ransomware payments decreased by 35.82% year-over-year (YoY) in 2024, research from Chainalysis has revealed. The blockchain analytics company attributes much of this decrease to increased law enforcement actions, improved international collaboration, and a growing refusal of victims to pay.   While,…

Read more →

The UK and the US have opted not to sign an international agreement on artificial intelligence (AI) at a global summit held in Paris. The declaration—endorsed by multiple countries including France, China, and India—commits to an “open,” “inclusive,” and “ethical”…

Read more →

As IT environments grow increasingly complex, the necessity for advanced security measures at the endpoint level has never been more critical. This year will bring a wave of new challenges and opportunities in cybersecurity. Two prominent trends that will shape…

Read more →

Cybercriminals are rapidly evolving their tactics for exploiting large language models (LLMs), with recent evidence showing a surge in LLMjacking incidents. Since Sysdig TRT first discovered LLMjacking in May 2024,  it says attackers have continuously adapted, targeting new models such…

Read more →