Sitecore Zero-Day Sparks New Round of ViewState Threats – Dark Reading
The vulnerability marks the latest example of threat actors weaponizing exposed ASP.NET machine keys for remote injection and deserialization attacks. – Read More
Sitecore zero-day configuration flaw under active exploitation – CSO Online
A sample ASP.NET machine key in old deployment guides for Sitecore products is being exploited by attackers to launch ViewState code injection attacks that compromise servers. According to Google’s Mandiant…
Bridgestone Americas Confirms Cyberattack – Dark Reading
Reports of disruptions at North American plants emerged earlier this week, though the nature of the attack on the tire manufacturer remains unclear. – Read More
Chinese Hackers Game Google to Boost Gambling Sites – Dark Reading
New threat actor “GhostRedirector” is using a malicious IIS module to inject links that try to artificially boost search engine ranking for target sites. – Read More
ISC2 Aims to Bridge DFIR Skill Gap with New Certificate – Dark Reading
The Nonprofit organization launched the Threat Handling Foundations Certificate amid mounting incident and breach disclosures. – Read More
Phishing Empire Runs Undetected on Google, Cloudflare – Dark Reading
What’s believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years. – Read More
Czech Warning Highlights China Stealing User Data – Dark Reading
Czech cyber agency NÚKIB warned of the risks of using products and software that send data back to China. – Read More
Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries – The Hacker News
The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member…
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module – The Hacker News
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and…
Blast Radius of Salesloft Drift Attacks Remains Uncertain – Dark Reading
Many high-profile Salesloft Drift customers have disclosed data breaches as a result of a recent supply-chain attack, but the extent and severity of this campaign are unclear. – Read More
UltraViolet Expands AppSec Capabilities With Black Duck’s Testing Business – Dark Reading
The addition of Black Duck’s application security testing offering to UltraViolet Cyber’s portfolio helps security teams find and remediate issues earlier in the security lifecycle. – Read More
Datenpanne bei Palo Alto Networks, Zscaler und Cloudflare – CSO Online
Auch IT-Unternehmen, selbst im Bereich Cyber-Security sind nicht vor erfolgreichen Cyber-Attacken gefeit. PeopleImages.com – Yuri A/ Shutterstock.com Palo Alto Networks, ZScaler und Cloudflare haben bekannt gegeben, dass sie von einem…
Avnet unlocks vendor lock-in and reinvents security data management – CSO Online
As a leading distributor of electronic components and IT services, Avnet helps more than a million customers design, build, and move products through the supply chain. From cars and airplanes…
Principal Financial pioneers biometric authentication to beat online fraud – CSO Online
Principal Financial Group helps millions of people and businesses plan for the future through retirement services, insurance, and asset management. Customers trust Principal with their money, so it’s essential to…
Why Threat Hunting Should Be Part of Every Security Program – Dark Reading
The more you hunt, the more you learn. – Read More