CISA’s Known Vulnerabilities Impact 15M Public Services

CISA’s Known Exploited Vulnerabilities (KEV) catalog is the authoritative source of information on past or currently exploited vulnerabilities. In a new report, the Rezilion research team analyzed vulnerabilities in the current KEV catalog. The results revealed a whopping 15 million vulnerable instances. And the majority of the occurrences were Microsoft Windows instances. Rezilion notes that […]

The post CISA’s Known Vulnerabilities Impact 15M Public Services appeared first on Security Intelligence.

Continue reading CISA’s Known Vulnerabilities Impact 15M Public Services

Southeast Asian hacking crew racks up victims, rapidly expands criminal campaign

A group called “Dark Pink” is likely based in Southeast Asia and shows signs of development and ongoing activity, researchers say.

The post Southeast Asian hacking crew racks up victims, rapidly expands criminal campaign appeared first on CyberScoop.

Continue reading Southeast Asian hacking crew racks up victims, rapidly expands criminal campaign

HEAT and EASM: What to Know About the Top Acronyms at RSA

The cybersecurity industry is littered with acronyms. SIEM. EDR. APT. CISO. CISA. The list goes on and on. So it wasn’t surprising that there were a lot of acronyms in RSAC 2023’s sessions and keynotes, as well as in the dozens of news items and studies released during the conference. The hottest acronym, by far, […]

The post HEAT and EASM: What to Know About the Top Acronyms at RSA appeared first on Security Intelligence.

Continue reading HEAT and EASM: What to Know About the Top Acronyms at RSA

How Morris Worm Command and Control Changed Cybersecurity

A successful cyberattack requires more than just gaining entry into a victim’s network. To truly reap the rewards, attackers must maintain a persistent presence within the system. After establishing communication with other compromised network devices, actors can stealthily extract valuable data. The key to all this is a well-developed Command and Control (C2 or C&C) […]

The post How Morris Worm Command and Control Changed Cybersecurity appeared first on Security Intelligence.

Continue reading How Morris Worm Command and Control Changed Cybersecurity

Breaking Down a Cyberattack, One Kill Chain Step at a Time

In today’s wildly unpredictable threat landscape, the modern enterprise should be familiar with the cyber kill chain concept. A cyber kill chain describes the various stages of a cyberattack pertaining to network security. Lockheed Martin developed the cyber kill chain framework to help organizations identify and prevent cyber intrusions. The steps in a kill chain […]

The post Breaking Down a Cyberattack, One Kill Chain Step at a Time appeared first on Security Intelligence.

Continue reading Breaking Down a Cyberattack, One Kill Chain Step at a Time

Beware of What Is Lurking in the Shadows of Your IT

This post was written with contributions from Joseph Lozowski. Comprehensive incident preparedness requires building out and testing response plans that consider the possibility that threats will bypass all security protections. An example of a threat vector that can bypass security protections is “shadow IT” and it is one that organizations must prepare for. Shadow IT […]

The post Beware of What Is Lurking in the Shadows of Your IT appeared first on Security Intelligence.

Continue reading Beware of What Is Lurking in the Shadows of Your IT

Hackers maintained deep access inside military organization’s network, U.S. officials reveal

A U.S. government cybersecurity advisory includes details about the sophisticated attack on an unnamed defense industrial base organization.

The post Hackers maintained deep access inside military organization’s network, U.S. officials reveal appeared first on CyberScoop.

Continue reading Hackers maintained deep access inside military organization’s network, U.S. officials reveal

U.S., allies warn of rising recent and future attacks on managed service providers

The internationally coordinated notice offers specific best practices for MSPs and customers amid warnings of increasing threats.

The post U.S., allies warn of rising recent and future attacks on managed service providers appeared first on CyberScoop.

Continue reading U.S., allies warn of rising recent and future attacks on managed service providers

U.S., allies warn of rising recent and future attacks on managed service providers

The internationally coordinated notice offers specific best practices for MSPs and customers amid warnings of increasing threats.

The post U.S., allies warn of rising recent and future attacks on managed service providers appeared first on CyberScoop.

Continue reading U.S., allies warn of rising recent and future attacks on managed service providers

North Korea aims ‘TraderTraitor’ malware at cryptocurrency workers

The Cybersecurity and Infrastructure Security Agency is attributing the campaign to hackers known as the Lazarus Group.

The post North Korea aims ‘TraderTraitor’ malware at cryptocurrency workers appeared first on CyberScoop.

Continue reading North Korea aims ‘TraderTraitor’ malware at cryptocurrency workers