Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks
The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist...
Blind TCP/IP hijacking is resurrected for Windows 7
Retro cyber-attack returns to haunt widely used, end-of-life OS
Windows 7 remains vulnerable to blind TCP/IP hijacking attacks via a vulnerability that a security researcher...
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encoded SSH keys stolen from developer systems...
Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution
To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This...
New malware found targeting IoT devices, Android TV
Recently, we saw a threat group named APT-C-23 presenting another Android variant of their malware. Turns out, they're by all accounts not the only...
MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting
As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting....
Microsoft’s Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical
Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest...
Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats
Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate...
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer
A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing...
Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack
American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker...