The enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide avenue into enterprise applications for cyberattackers.…
The APT used DNS poisoning to install the Macma backdoor on targeted networks and then deliver malware to steal data via post-exploitation activity. – Read More
Cybersecurity startup LeakSignal, a finalists in this year’s Black Hat USA Startup Spotlight competition, helps organizations see where data is leaking within their environment. – Read More
Cybersecurity startup Knostic, a finalists in this year’s Black Hat USA Startup Spotlight competition, adds guardrails to how AI uses enterprise data to ensure sensitive data does not get leaked.…
Adopting a military mindset toward cybersecurity means the industry moves beyond the current network protection strategies and toward a data-centric security approach. – Read More
Ultimately, a more cyber-secure world requires a global governing body to regulate and campaign for cybersecurity, with consistent regulatory requirements in the various regions around the world. – Read More
The scheme, from the group also known as APT28, involves targeting Eastern European diplomats in need of personal transportation, tempting them with a purported good deal on a Audi Q7…
The runaway success of an upstart ransomware outfit called “Dark Angels” may well influence the cyberattack landscape for years to come. – Read More
The state-sponsored Chinese threat actor gained access to three systems and stole at least some research data around computing and related technologies. – Read More
Now that the Authy Desktop app has reached EOL and is no longer accessible, users are hoping their 2FA tokens synced correctly with their mobile devices. – Read More
In a monoculture, cybercriminals need to look for a weakness in only one product, or discover an exploitable vulnerability, to affect a significant portion of services. – Read More
A simple toggle in Proofpoint’s email service allowed for brand impersonation at an industrial scale. It prompts the question: Are secure email gateways (SEGs) secure enough? – Read More
Having a robust identity continuity plan is not just beneficial but essential for avoiding financially costly and potentially brand-damaging outages. – Read More
By injecting malicious bytecode into interpreters for VBScript, Python, and Lua, researchers found they can circumvent malicious code detection. – Read More
Law firms make the perfect target for extortion, so it’s no wonder that ransomware attackers target them and demand multimillion dollar ransoms. – Read More