Collaborate Disseminate
An unauthenticated remote code execution flaw (CVE-2022-27518) is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller (ADC) deployments, the US National Security Agency has warned. “Targeting Ci… Continue reading State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)
A computer program known as a “bot” acts as an agent for a user or another program or mimics human action. Bots are typically used to automate particular tasks so they can be used without specific human instructions. In this Help Net Securi… Continue reading Deal with sophisticated bot attacks: Learn, adapt, improve
Elastic released the 2022 Elastic Global Threat Report, detailing the evolving nature of cybersecurity threats, as well as the increased sophistication of cloud and endpoint-related attacks. Human error poses the greatest risk to cloud security 33% of … Continue reading 33% of attacks in the cloud leverage credential access
Since the early stages of the pandemic, account takeover fraud (ATO) has significantly transformed, quickly becoming one of the fastest-growing cybersecurity threats with 22% of adults in the US falling victim to this attack. With new user fraud, synth… Continue reading How an effective fraud prevention strategy can force fraudsters to invest more in their attacks
The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. And this, in turn attracts a variety of cybercriminals, who want to exploit the varied fan following, and the organizations participating, to make a quick buck… Continue reading Cybercriminals are cashing in on FIFA World Cup-themed cyberattacks
A school’s ecosystem is far different from that of the typical enterprise. Not only does a school district face the monumental task of educating our upcoming generations, but they must do it at the scale of a Fortune 500 enterprise with a fraction of t… Continue reading Overcoming unique cybersecurity challenges in schools
Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there’s the […]
The post Emotional Blowback: Dealing With Post-Incident Stress appeared first on Security Intelligence.
Continue reading Emotional Blowback: Dealing With Post-Incident Stress
Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it:
On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees. The result is PCspooF, an attack that allows a single non-critical device connected to a single plane to disrupt synchronization and communication between TTE devices on all planes. The attack works by exploiting a vulnerability in the TTE protocol. The work was completed by researchers at the University of Michigan, the University of Pennsylvania, and NASA’s Johnson Space Center…
Advanced persistent threats (APT) are a type of attack that’s usually carried out or sponsored by a nation-state, and unlike other types of malware attacks, these pose their own challenges. There are different phases of an APT attack. Typically, … Continue reading The challenges of tracking APT attacks
Specops Software released a research analyzing the top passwords used in live attacks against Remote Desktop Protocol (RDP) ports. This analysis coincides with the latest addition of over 34 million compromised passwords to the Specops Breached Passwor… Continue reading Top passwords used in RDP brute-force attacks