Collaborate Disseminate
Hackers don’t always steal data. Sometimes the goal is to manipulate the data to intentionally trigger external events that can be capitalized on. Continue reading What are Data Manipulation Attacks, and How to Mitigate Against Them
Experts sound off on how companies can work with their third-party suppliers and partners to secure the end-to-end supply chain. Continue reading Supply Chain Security: Managing a Complex Risk Profile
Cisco Systems has released a new patch for a remotely exploitable privilege escalation vulnerability after security researchers found that its previous fix was incomplete. The company first patched the vulnerability, known as WebExec or CVE-2018-15442… Continue reading Cisco Takes Another Stab at Patching Recent WebEx Vulnerability
The past year has been extremely eventful in terms of the digital threats faced by financial institutions: cybercrime groups have used new infiltration techniques, and the geography of attacks has become more extensive. Continue reading Cyberthreats to financial institutions 2019: overview and predictions
Asking the most intelligent people I know, and basing our scenario on APT attacks because they traditionally show the most innovation when it comes to breaking security, here are our main ‘predictions’ of what might happen in the next few months. Continue reading Kaspersky Security Bulletin: Threat Predictions for 2019
No one is really sure who to believe after Businessweek’s bombshell story on an alleged Chinese supply chain attack against Apple, Amazon, and others. Continue reading The Cybersecurity World Is Debating WTF Is Going on With Bloomberg’s Chinese Microchip Stories
Users of the Mega.nz file hosting and sharing service were targeted through a supply chain attack in which hackers replaced the company’s official Chrome extension with a malicious version. The attack happened Sept. 4 at 14:30 UTC (10:30 a.m. ES… Continue reading Hackers Replace MEGA Chrome Extension with Trojanized Version
A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection (Windows Defender ATP) emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF edito… Continue reading Attack inception: Compromised supply chain within a supply chain poses new risks
Stolen or brute-forced remote desktop protocol (RDP) credentials have played a central role in many data breaches over the years and cybercriminals have made a business out of selling them on the underground market. For as little as $3, hackers can bu… Continue reading Dark Market Shop Sells RDP Access to Airport System for $10
Security researchers have found evidence that a cyberespionage group has somehow compromised secure USB drives used by government agencies in South Korea, which might have allowed them to target air-gapped systems. “Weaponizing a secure USB driv… Continue reading Spy Group Targeted Air-Gapped Systems via Compromised Secure USB Drives