The New Era of Application Security: Reasoning-Based Agents, Runtime Reality, and Risk Intelligence

Key Takeaways AI reasoning systems improve vulnerability detection in source code, but do not address the full spectrum of application security risk. Modern application security must account for APIs, runtime environments, and externally exposed assets beyond the source repository. Continuous...

Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021

The U.S. Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...

Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack

An Iranian advanced persistent threat APT actor known as Agrius has been attributed as behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong. The wiper, referred to as Fantasy by ESET, is believed to have been delivered via a supply-chain attack...

Why Ransomware in Education on the Rise and What That Means for 2023

The breach of LA Unified School District LAUSD highlights the prevalence of password vulnerabilities, as criminal hackers continue to use breached credentials in increasingly frequent ransomware attacks on education. The Labor Day weekend breach of LAUSD brought significant districtwide disruptio...

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...

FamousSparrow APT Spies on Hotels, Governments

A cyberespionage group dubbed “FamousSparrow” by researchers has taken flight, targeting hotels, governments and private organizations around the world with a custom backdoor called, appropriately, “SparrowDoor.” It’s one of the advanced persistent threats APTs that targeted the ProxyLogon...

Zoho ManageEngine Password Manager Zero-Day Gets Fix

A critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform could allow remote attackers to bypass authentication and have free rein across users’ Active Directory AD and cloud accounts. The issue CVE-2021-40539 has been actively exploited in the wild as a zero-day,...

Utilities ‘Concerningly’ at Risk from Active Exploits

The amount of time that utility networks spend exposed to a known application exploit has spiked over the past two months — something analysts called out as a “concerning datapoint,” and an important reminder that ransomware isn’t the only threat utility networks need to secure against. A new...

How Cybersecurity Enables Government, Health, EduTech Cope With COVID-19

The advent of the Covid-19 pandemic and the impact on our society has resulted in many dramatic changes to how people are traveling, interacting with each other, and collaborating at work. There are several trends taking place as a consequence of the outbreak, which has only continued to heighten...