Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces.  Breach containment is essential, and zero trust security principles can be applied to […]

The post Contain Breaches and Gain Visibility With Microsegmentation appeared first on Security Intelligence.

Continue reading Contain Breaches and Gain Visibility With Microsegmentation

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos […]

The post Kronos Malware Reemerges with Increased Functionality appeared first on Security Intelligence.

Continue reading Kronos Malware Reemerges with Increased Functionality

Samsung Galaxy Store Flaws Can Lead to Unwanted App Installations, Code Execution

Cybersecurity firm NCC Group has shared details on two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.
read more Continue reading Samsung Galaxy Store Flaws Can Lead to Unwanted App Installations, Code Execution

Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability

Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns.
read more Continue reading Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability

Exploited Control Web Panel Flaw Added to CISA ‘Must-Patch’ List

The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical — and already exploited — security vulnerability in the widely used CentOS Control Web Panel utility.
read more Continue reading Exploited Control Web Panel Flaw Added to CISA ‘Must-Patch’ List

Critical Git Vulnerabilities Discovered in Source Code Security Audit

A source code security audit has led to the discovery of several vulnerabilities in Git, the widely used distributed version control system.
The results of the security audit, sponsored by OSTIF and conducted by X41 and GitLab, were made public this we… Continue reading Critical Git Vulnerabilities Discovered in Source Code Security Audit

Self-Checkout This Discord C2

In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated […]

The post Self-Checkout This Discord C2 appeared first on Security Intelligence.

Continue reading Self-Checkout This Discord C2