Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a...
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image...
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments."This attack is...
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV)...
Threat Actors Increasingly Abusing GitHub for Malicious Purposes
The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads...
New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP)...
New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as...
There is a Ransomware Armageddon Coming for Us All
Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stopThe least surprising headline from 2023 is that...
Atomic Stealer Gets an Upgrade – Targeting Mac Users with Encrypted Payload
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware...
Mandiant’s X Account Was Hacked Using Brute-Force Attack
The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a...
Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure
A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach...
