Uncategorized

Optimize ID verification for safe, efficient omnichannel experiences

Optimize ID verification for safe, efficient omnichannel experiences 17/05/2023 at 17:04 By Fraud networks are always continuously adjusting and adapting to capitalize on all touchpoints and leverage newer digital norms to their advantage. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source

Optimize ID verification for safe, efficient omnichannel experiences Read More »

Lea Kissner appointed as Lacework Chief Information Security Officer

Lea Kissner appointed as Lacework Chief Information Security Officer 17/05/2023 at 16:44 By With more than 20 years of security industry experience, Lea Kissner has been named the new Chief Information Security Officer (CISO) at Lacework. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source

Lea Kissner appointed as Lacework Chief Information Security Officer Read More »

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover 17/05/2023 at 15:36 By A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines (VMs) to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944, which is

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover Read More »

Identifying a Patch Management Solution: Overview of Key Criteria

Identifying a Patch Management Solution: Overview of Key Criteria 17/05/2023 at 15:36 By Software is rarely a one-and-done proposition. In fact, any application available today will likely need to be updated – or patched – to fix bugs, address vulnerabilities, and update key features at multiple points in the future. With the typical enterprise relying on

Identifying a Patch Management Solution: Overview of Key Criteria Read More »

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs 17/05/2023 at 14:17 By The second generation version of Belkin’s Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217, was discovered and reported

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs Read More »

State-Sponsored Sidewinder Hacker Group’s Covert Attack Infrastructure Uncovered

State-Sponsored Sidewinder Hacker Group’s Covert Attack Infrastructure Uncovered 17/05/2023 at 14:17 By Cybersecurity researchers have unearthed previously undocumented attack infrastructure used by the prolific state-sponsored group SideWinder to strike entities located in Pakistan and China. This comprises a network of 55 domains and IP addresses used by the threat actor, cybersecurity companies Group-IB and Bridewell said in

State-Sponsored Sidewinder Hacker Group’s Covert Attack Infrastructure Uncovered Read More »

U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator

U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator 17/05/2023 at 08:29 By A Russian national has been charged and indicted by the U.S. Department of Justice (DoJ) for launching ransomware attacks against “thousands of victims” in the country and across the world. Mikhail Pavlovich Matveev (aka Wazawaka, m1x, Boriselcin, and Uhodiransomwar), the 30-year-old

U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator Read More »

New toolkit aimed to strengthen school safety reporting programs

New toolkit aimed to strengthen school safety reporting programs 17/05/2023 at 01:25 By CISA and the U.S. Secret Service National Threat Assessment Center have released a new resource to help K-12 schools strengthen school safety reporting programs.  This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source

New toolkit aimed to strengthen school safety reporting programs Read More »

Trustwave Threat Hunt Team Uncovers Healthcare Industry Vulnerabilities

Trustwave Threat Hunt Team Uncovers Healthcare Industry Vulnerabilities 16/05/2023 at 20:10 By The healthcare industry has been struck with a growing number of cyberattacks over the last few months, raising concerns in the healthcare industry and in Washington, D.C. The continued onslaught of attacks has raised the question of how healthcare entities can and should

Trustwave Threat Hunt Team Uncovers Healthcare Industry Vulnerabilities Read More »

China’s Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks

China’s Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks 16/05/2023 at 20:09 By The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks aimed at European foreign affairs entities since January 2023. An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej,

China’s Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks Read More »

Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style

Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style 16/05/2023 at 17:48 By I feel I need to clarify, for legal reasons, that this is nothing to do with any Harry Potter game. The reference is made because we are dealing with spells and magic, and I mean magic in the literal

Abusing Time-Of-Check Time-Of-Use (TOCTOU) Race Condition Vulnerabilities in Games, Harry Potter Style Read More »

Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts

Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts 16/05/2023 at 16:18 By Ransomware affiliates associated with the Qilin ransomware-as-a-service (RaaS) scheme earn anywhere between 80% to 85% of the ransom payments, according to new findings from Group-IB. The cybersecurity firm said it was able to infiltrate the group in March 2023, uncovering details

Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts Read More »

CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules

CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules 16/05/2023 at 16:09 By The threat actors behind the CopperStealer malware resurfaced with two new campaigns in March and April 2023 that are designed to deliver two novel payloads dubbed CopperStealth and CopperPhish. Trend Micro is tracking the financially motivated group under the name Water

CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules Read More »

Cyolo Product Overview: Secure Remote Access to All Environments

Cyolo Product Overview: Secure Remote Access to All Environments 16/05/2023 at 16:09 By Operational technology (OT) cybersecurity is a challenging but critical aspect of protecting organizations’ essential systems and resources. Cybercriminals no longer break into systems, but instead log in – making access security more complex and also more important to manage and control than

Cyolo Product Overview: Secure Remote Access to All Environments Read More »

Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems

Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems 16/05/2023 at 10:53 By A Golang implementation of Cobalt Strike called Geacon is likely to garner the attention of threat actors looking to target Apple macOS systems. The findings come from SentinelOne, which observed an uptick in the number of Geacon payloads appearing

Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems Read More »

Gaming companies must protect IP from exfiltration during development

Gaming companies must protect IP from exfiltration during development 16/05/2023 at 09:23 By It’s time for companies to take a tough stance on preventing data leakage and cyber theft, and adopt cybersecurity measures during the digital production process. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source

Gaming companies must protect IP from exfiltration during development Read More »

Scroll to Top