SEARCH
All Articles
TeamViewer Ties Cyberattack to Russian APT29 Group
After disclosing a security incident on Thursday, remote access software company TeamViewer on Friday said that the attack was “tied to credentials of a standard employee account” within its Corporate IT environment.
Exploit Code Released For Fortra SQL Injection Bug
Fortra disclosed a critical-severity SQL injection flaw in FileCatalyst Workflow, and researchers have also published a proof-of-concept exploit code for the bug.
Researchers Warn of Widespread Polyfill Supply Chain Attack
The popular polyfill.io JavaScript library has been used to inject malicious code into thousands of sites in the last few days.
Cisco Talos: How Threat Actors Target MFA
According to the latest Cisco Talos Incident Response Quarterly Trends report, instances related to MFA were involved in some capacity in half of all security incidents that the Talos team responded to in the first quarter of 2024.
Critical MOVEit Authentication Bypass Flaws Fixed
The flaws include a critical-severity MOVEit Transfer authentication bypass bug (CVE-2024-5806).
Chinese APT Moves to Ransomware in Some Intrusions
A Chinese APT known as ChamelGang has been deploying the CatB ransomware in some intrusions around the world.
European Council Sanctions Individuals Tied to Conti, Trickbot
The European Council has sanctioned six individuals allegedly tied to the Wizard Spider, Armageddon and Callisto threat groups.
Decipher Podcast: Metin Kortak
Metin Kortak, CISO with Rhymetec, talks about how organizations are approaching data privacy and security compliance, and thinking about risk management policies, when it comes to generative AI in the workplace.
Espionage Threat Actor Hits Multiple Government Entities
Cisco Talos researchers have linked known Gh0stRAT campaigns targeting public and private sector entities to a Chinese-speaking threat actor called SneakyChef.
Serious Flaws Fixed in ExpressionEngine CMS
Packet Tide has fixed a group of XSS vulnerabilities and an open HTTP redirection bug in its ExpressionEngine content management system, some of which could give an attacker admin access.
UNC3886 Leverages Zero Days, Novel Backdoor Variants
A new deep-dive investigation into the known UNC3886 gives insight into how the China-linked threat actor “operates in a sophisticated, cautious, and evasive nature.”
VMware Warns of Critical vCenter Server Flaws
Two critical vulnerabilities in VMware's vCenter Server centralized management utility could allow remote code execution.
Heat, Kelso and the Hacker Mindset
In the 1995 classic Heat, the character Kelso is an old-school hacker with a background as a DARPA scientist who uses his knowledge to sell scores to criminals. Meg Gardiner, Casey Ellis, and Dennis Fisher discuss his connection to the hacker ethos.
Latest EU Proposal ‘Fundamentally Undermines Encryption’
A recent proposal in discussion in the European Union Council would mandate "upload moderation" of encrypted content, something that would break encryption for everyone, Singal's president said.
Fake Error Messages Used in Lumma Stealer, RAT Attacks
Researchers have been tracking a social engineering technique in ongoing attacks where a pop-up message gives end users instructions to manually copy and paste a malicious script, leading to the deployment of malware.