Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to … Continue reading New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS.
“The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware … Continue reading Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT… Continue reading 6 Ways to Simplify SaaS Identity Governance
On Thanksgiving Day 2023, while many Americans were celebrating, hospitals across the U.S. were doing quite the opposite. Systems were failing. Ambulances were diverted. Care was impaired. Hospitals in three states were hit by a ransomware attack,… Continue reading Cybersecurity for Healthcare—Diagnosing the Threat Landscape and Prescribing Solutions for Recovery
Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022.
The malware is “notable for its ability to automatically filter out Facebook session cookies and creden… Continue reading New ‘VietCredCare’ Stealer Targeting Facebook Advertisers in Vietnam
End-to-end encrypted (E2EE) messaging app Signal said it’s piloting a new feature that allows users to create unique usernames (not to be confused with profile names) and keep the phone numbers away from prying eyes.
“If you use Signal, your phone numb… Continue reading Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers Private
Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related disinformation.
The activity has been linked to Russia-aligned threat actors by Slovak cybersecurity company ESET, … Continue reading Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw.
Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary aut… Continue reading VMware Alert: Uninstall EAP Now – Critical Flaw Puts Active Directory at Risk
A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts.
“This particular campaign involves the use of a number of novel system weakening technique… Continue reading New Migo Malware Targeting Redis Servers for Cryptocurrency Mining
The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit’s source code as well as intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos.
“Some of the data… Continue reading LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released