Latest Cybersecurity News and Articles
17 May 2024
OWASP dep-scan is an open-source security and risk assessment tool that analyzes project dependencies to identify vulnerabilities, licensing issues, and potential risks like dependency confusion attacks.
17 May 2024
The UK's NCSC has launched a new "Share and Defend" system that will provide internet service providers with the same malicious domain blocklists used to protect government networks, helping to raise cybersecurity resilience across the country.
17 May 2024
Cybersecurity leaders expect their security operations center (SOC) budgets to grow by up to 20% over the next two years, with the average annual SOC budget currently standing at $14.6 million, according to a survey conducted by KPMG.
17 May 2024
Organizations are increasingly using AI-powered measures to address the rise in cloud security incidents, as traditional tools struggle to keep up with rapid technological advancements and sophisticated cyber threats.
17 May 2024
A new report from XM Cyber has found – among other insights - a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside.
The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the XM Cyber
17 May 2024
Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year.
"Deuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including support for shellcode plugins, avoiding handshakes
17 May 2024
The FCC is proposing to mandate that broadband providers develop BGP security plans and document their use of the Resource Public Key Infrastructure (RPKI) security framework.
17 May 2024
As per cybersecurity insurance firm At-Bay, remote-access tools, particularly self-managed VPNs from Cisco and Citrix, were the primary intrusion point for most ransomware attacks in 2023, accounting for over 60% of incidents.
17 May 2024
The vulnerability can be exploited on multi-user machines, where an attacker can prepare a local repository to look like a partial clone that is missing an object, causing Git to execute arbitrary code during the clone operation.
17 May 2024
Traditional approaches to vulnerability management result in a narrow focus of the enterprise attack surface area that overlooks a considerable amount of risk, according to Claroty.
17 May 2024
The cybercriminal group GhostSec has shifted from ransomware to hacktivism, stating they've gathered enough funds and will now focus on promoting social and political agendas through hacking.
17 May 2024
The U.S. government is offering a $5 million reward for information on a network of North Korean IT workers who allegedly scammed U.S. companies out of nearly $7 million through a job fraud scheme.
17 May 2024
The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations.
The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between
17 May 2024
Cybercriminals are exploiting Microsoft's Quick Assist tool to conduct social engineering attacks and deliver ransomware like Black Basta to target users across various industries.
17 May 2024
Despite repeated efforts by the CISA to eliminate common software vulnerabilities, unsafe software development practices continue to persist across the industry, highlighting the challenges in driving change in coding practices.
17 May 2024
A design flaw in the IEEE 802.11 Wi-Fi standard allows attackers to trick victims into connecting to a less secure wireless network than the one they intended to connect to, exposing them to higher risks of traffic interception and manipulation.
17 May 2024
Cybercriminals have weaponized popular software tools like WinSCP and PuTTY to deliver ransomware, tricking users into downloading malicious installers that infect their systems with a Sliver beacon and other malicious payloads.
17 May 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of vulnerabilities is as follows -
CVE-2014-100005 - A cross-site request forgery (CSRF) vulnerability impacting D-Link DIR-600 routers that allows an
17 May 2024
The CISA announced that 68 leading software manufacturers voluntarily committed to CISA’s Secure by Design pledge.
16 May 2024
Two brothers, Anton Peraire-Bueno and James Pepaire-Bueno, were arrested for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a "first-of-its-kind" scheme.