December 12, 2023
Via: CSO Online
TA4557, a threat actor tracked since 2018 to be sending job-themed email threats, has started a new technique of targeting recruiters with direct emails that ultimately lead to malware delivery, according to Proofpoint. The threat actor known for using More_eggs […]
November 2, 2023
Via: CSO Online
Attackers have begun exploiting a critical remote code execution vulnerability patched last week in Apache ActiveMQ to deploy ransomware in enterprise networks. Users are urged to upgrade the software as soon as possible. “Beginning Friday, October 27, Rapid7 Managed Detection […]
September 18, 2023
Via: CSO Online
To remain undetected for longer in cloud environments, attackers have started to abuse less-common services that don’t get a high level of security scrutiny. This is the case of a recently discovered cryptojacking operation, called AMBERSQUID, that deploys cryptocurrency mining […]
August 17, 2023
Via: CSO Online
Researchers from Sysdig are warning of an ongoing attack campaign against vulnerable GitLab servers that results in deployment of cryptojacking and proxyjacking malware. The attacks use cross-platform malware, kernel rootkits, and multiple layers of obfuscation and try to evade detection […]
August 14, 2023
Via: CSO Online
Globally, there are more cyberthreats than ever and a surge in attacks on operational technology (OT), including the proliferation of new ransomware variations and the ascent of Malware-as-a-Service (MaaS). These developments have caused many firms to place a higher premium […]
July 12, 2023
Via: CSO Online
With increased deployment of security solutions on cloud infrastructure, hackers have started adopting detection evasion tactics from Windows desktop computers to cloud environments. One such tactic is the use of fileless payloads that never create files on disk and are […]
June 15, 2023
Via: CSO Online
When organizations consider application programming interface (API) security, they typically focus on securing APIs that are written in-house. However, not all the APIs that companies use are developed internally, rather some are designed and developed by other organizations. The problem […]
May 9, 2023
Via: CSO Online
For CISOs, the sad truth is that it’s no longer a matter of if an organization will be breached, but when. According to AV-Test, more than 1 million new malware programs have been discovered in 2023 alone. What’s more, with […]
May 1, 2023
Via: CSO Online
Misinformation and cybersecurity incidents have become the top scourges of the modern digital era. Rarely does a day go by without significant news of a damaging misinformation threat, a ransomware attack, or another malicious cyber incident. As both types of […]
March 7, 2023
Via: CSO
Distributed denial-of-service (DDoS) attacks represent a significant threat for enterprise businesses. They start when an individual device (bot) or network of devices (botnet) is infected with malware. From there, the bot or botnet will flood websites or services with high […]
February 9, 2023
Via: CSO
Trustwave SpiderLabs researchers have cited an increased prevalence of HTML smuggling activity whereby cybercriminal groups abuse the versatility of HTML in combination with social engineering to distribute malware. The firm has detailed four recent HTML smuggling campaigns attempting to lure […]
January 26, 2023
Via: Data Centre & Network News
Wiper malware is an alarming threat to corporate data. Unlike ransomware, which can encrypt and disable your files until you pay a ransom, wiper malware aims to delete your data permanently and cause as much destruction as possible. Once it […]
December 14, 2022
Via: The Fast Mode
When we think of the metaverse today, we often envision immersive gaming environments such as Fortnite. However, the metaverse will eventually reach beyond gaming into nearly all aspects of business and society. This new type of digital interface will present […]
October 19, 2022
Via: Data Centre & Network News
UK businesses are facing an unprecedented number of cyber security threats, with senior executives admitting they aren’t confident in their organisation’s abilities to deal with this increase. That is according to the ‘State of Cyber Security in the UK’ report […]
September 26, 2022
Via: CSO
Reliance on VPNs for remote access is putting enterprises at significant risk as social engineering, ransomware, and malware attacks continue to advance, exposing businesses to greater risk, according to a new report by cloud security company Zscaler. More than 95% […]
September 22, 2022
Via: CSO
Ransomware started out many years ago as scams where users were being tricked into paying fictitious fines for allegedly engaging in illegal online behavior or, in more serious cases, were blackmailed with compromising videos taken through their webcams by malware. The […]
September 9, 2022
Via: Network Computing
Good network segmentation is a highly recommended network security practice that requires a firewall policy known as an allow-list or whitelist. How should you go about implementing it? What is Network Segmentation? Network segmentation divides the network into security zones […]
June 10, 2022
Via: CSO
The human mind loves to categorize things, and malware is no exception. We here at CSO have done our part: our malware explainer breaks down malware based on how it spreads (self-propagating worms, viruses piggybacking on other code, or sneakily […]
June 9, 2022
Via: CSO
Researchers have come across a stealthy Linux backdoor that uses sophisticated techniques to hide itself on compromised servers and steal credentials. Dubbed Symbiote because it injects itself into existing processes, the threat has been in development since at least November […]
June 2, 2022
Via: CSO
As we head into the unofficial start of summer, it does not appear the criminal groups that run ransomware schemes are planning to take any time to rest. Ransomware was all over the infosec news headlines in the past week, […]