Latest Cybersecurity News and Articles
24 March 2023
In this case, Form W-9 is being used as a lure for people to download something sinister. The attachment, W-9 form.zip, is 709 KB in size. Opening the attachment reveals a Word document called W-9 form.doc that is over 500MB in size.
24 March 2023
As we celebrate Women’s History Month, we’re recognizing the significant women who have played a role in shaping the field of cyber security. Learn about one of the amazing and trailblazing individuals who’s making cyber security history. In this exclusive CyberTalk.org interview, the CEO of Safe ID, Sandra Suarez, shares insights into her career path, […]
The post How one CEO founded a successful cyber security company appeared first on CyberTalk.
24 March 2023
The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) has released access management best practices.
24 March 2023
When a victim who is shopping at a compromised online store goes to the checkout page, there will be additional fields injected in the contact form that aren't normally there.
24 March 2023
Recently signed legislation will require state agencies and government contractors to report cybersecurity incidents within 72 hours of an incident.
24 March 2023
The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software.
24 March 2023
Earlier this week 13 new members were appointed to the Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Advisory Committee (CSAC).
24 March 2023
In a succinct blog post published today, GitHub acknowledged discovering this week that the RSA SSH private key for GitHub.com had been ephemerally exposed in a public GitHub repository.
24 March 2023
“Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The access is limited to files that were unable to be processed through the third-party secure file transfer system,” it said.
24 March 2023
A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware.
The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before attracting
24 March 2023
Cisco’s Talos threat intelligence and research unit this week disclosed the details of two high-severity vulnerabilities discovered last year in WellinTech’s KingHistorian industrial data historian software.
24 March 2023
SideCopy APT traditionally uses spear phishing as its method to gain initial entry. Emails in the latest campaign purportedly contain research material about military technologies sent as attachments.
24 March 2023
The Cybernews research team discovered that the South Korean social platform, powderroom.co.kr – which markets itself as the nation’s biggest beauty community – was leaking the private data of a million users.
24 March 2023
This pure Python open-source library has a modular design and is currently offering ten modules, which are meant to be replacements for existing tools for finding known secrets.
24 March 2023
Any app that can improve business operations is quickly added to the SaaS stack. However, employees don't realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of the security team, significantly increases risk.
Whether employees connect through Microsoft 365, Google Workspace, Slack, Salesforce, or any other app, security teams have no way to quantify their
24 March 2023
Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations "out of an abundance of caution" after it was briefly exposed in a public repository.
The activity, which was carried out at 05:00 UTC on March 24, 2023, is said to have been undertaken as a measure to prevent any bad actor from impersonating the service or
24 March 2023
McDonald's was slapped with a ?696 million ($530,000) fine for storing backup files that contained users of its McDelivery service on an SMB volume that left sharing enabled. Hackers waltzed in and accessed 4,876,106 users' info.
24 March 2023
CISA and the NSA point out that IAM solutions should be managed, patched, and updated as any other software, to prevent vulnerability exploitation that could lead to the compromise of multiple systems and data.
24 March 2023
Akamai shed light on a Magecart skimmer campaign camouflaged as the Google Tag Manager script. Threat actors reportedly used a new skimmer, Kritec, named after one of its domain names. Its skimming code is heavily obfuscated, mostly via obfuscator[.]io, and loads the malicious JavaScript in an unprecedented way.
24 March 2023
The round was led by Madrona, with participation from Guillermo Rauch, Mango Capital, Dave Wilner, Andreessen Horowitz, S28 Capital, and Fathom Capital. Madrona’s managing director Karan Mehandru joined the board.