New Linux Variant of Bifrost RAT Utilizes Deceptive Domain for Evasion

Summary: A new Linux variant of the Bifrost RAT evades detection using a deceptive VMware domain, aiming to compromise systems. This persistent threat spreads through malicious emails and sites, harvesting sensitive data and now includes an ARM version, emphasizing the need for vigilant...

How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI

As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organization safe. But with threats coming from all around — and hackers dreaming up new exploits every day — how do you create proactive, agile cybersecurity strategies? And what cybersecurity...

Exploring Changing SOC Landscapes

The landscape of cybersecurity is continuously evolving, with new threats emerging and the roles and responsibilities of security professionals constantly adapting...

Water Hydra Exploits CVE-2024-21412 to Target Financial Traders

Summary: Water Hydra exploited CVE-2024-21412 to bypass Microsoft Defender SmartScreen, targeting financial traders with DarkMe malware through sophisticated spearphishing tactics. This underscores the persistent threat of APT groups and highlights the challenge of defending against evolving atta...

Data Matters — Is Your API Security Data Rich or Data Poor?

Taking a data-rich approach to security is the most effective way to stay a step ahead of today’s quickly evolving API threats...

Medusa Ransomware Unleashed A Growing Cybersecurity Menace

Summary: Medusa ransomware, a potent threat since late 2022, employs a multi-extortion approach via its Medusa Blog, disclosing victim data and pressuring non-compliant organizations. Operating as a ransomware-as-a-service, Medusas global impact underscores the need for proactive cybersecurity...

Investment fraud a serious money maker for criminals

Europols’s spotlight report ‘Online fraud schemes: a web of deceit’, looks into online fraud schemes—a major crime threat in the EU and beyond—and one of the reports primary themes is investment fraud. But first I want to share some more remarkable conclusions from the report: Charity scams that...

CISO: Top 10 Trends for 2024

I recently hosted and moderated a distinguished panel of Chief Information Security Officers CISOs - Nitin Raina, CISO at ThoughtWorks, Mike Wilkes, former CISO at Marvel and Yogesh Badwe, CSO at Druva. We discussed major trends for 2024 across an array of topics including the evolving threat...

2024 Trends for Securing Your Business Premises: Essential Strategies and Technologies

By Waqas As you look ahead to 2024, the landscape of physical security is evolving rapidly, with new trends emerging… This is a post from HackRead.com Read the original post: 2024 Trends for Securing Your Business Premises: Essential Strategies and Technologies...

Hive Pro and ICS Arabia announce strategic partnership to enhance the reach of Threat Exposure Management to Smart Cities and Digital Infrastructure

HERNDON, VA., Nov. 28, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management, announced a strategic partnership with ICS Arabia, a front-runner in the development of Smart Cities and Digital Infrastructure in the Kingdom of Saudi Arabia and the Middle East. This partnership heralds a...

Why Defenders Should Embrace a Hacker Mindset

Today's security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have intern...

Scattered Spider Cyber Threat Key Findings and Security Measures

Summary: A cybercriminal group, Scattered Spider, known for targeting commercial facilities, highlighting their evolving tactics, social engineering expertise, phishing, and SIM swap attacks, evolving techniques like file encryption post-exfiltration to maintain persistence and adapt to security...

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...

Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response XDR capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and showcas...

Looking back at Black Hat 2023

From AI to the evolving threat landscape, Black Hat 2023 spotlighted the security industrys latest and greatest innovations...

Condition will not revert when block.timestamp is == to the compared variable

Lines of code Vulnerability details Medium Issues | | Issue | Instances ---|---|--- M-1 | Condition will not revert when block.timestamp is == to the compared variable | 1 M-1 Condition will not revert when block.timestamp is == to the compared variable The condition does not revert when...

3 Steps to Elevate Your Cybersecurity in a Post-Pandemic World

As cybercrime grows more sophisticated in the remote work era, you can take three essential steps to fortify your organization against evolving threats...

Microsoft’s AI Red Team Has Already Made the Case for Itself

Since 2018, a dedicated team within Microsoft has attacked machine learning systems to make them safer. But with the public release of new generative AI tools, the field is already evolving...

Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation

As the business environment becomes increasingly connected, organizations' attack surfaces continue to expand, making it challenging to map and secure both known and unknown assets. In particular, unknown assets present security challenges related to shadow IT, misconfigurations, ineffective scan...

New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions

A new information-stealing malware called Mystic Stealer has been found to steal data from about 40 different web browsers and over 70 web browser extensions. First advertised on April 25, 2023, for $150 per month, the malware also targets cryptocurrency wallets, Steam, and Telegram, and employs...