SaaS in the Real World: Who's Responsible to Secure this Data?

When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible...

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server sshd. Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in...

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server sshd. Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in...

FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection

An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for...

FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection

An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for...

PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate...

PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate...

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team CERT of France said i...

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team CERT of France said i...

Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT

A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is ...

Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT

A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is ...

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

Two new security weaknesses discovered in several electric vehicle EV charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing th...

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

Two new security weaknesses discovered in several electric vehicle EV charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing th...

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT,...

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT,...

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to...

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to...

The Pivot: How MSPs Can Turn a Challenge Into a Once-in-a-Decade Opportunity

Cybersecurity is quickly becoming one of the most significant growth drivers for Managed Service Providers MSPs. That's the main insight from a recent study from Lumu: in North America, more than 80% of MSPs cite cybersecurity as a primary growth driver of their business. Service providers have a...

The Pivot: How MSPs Can Turn a Challenge Into a Once-in-a-Decade Opportunity

Cybersecurity is quickly becoming one of the most significant growth drivers for Managed Service Providers MSPs. That's the main insight from a recent study from Lumu: in North America, more than 80% of MSPs cite cybersecurity as a primary growth driver of their business. Service providers have a...

Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 CVSS score: 9.4...

Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 CVSS score: 9.4...

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service DoS or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol SOAP interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1...

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service DoS or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol SOAP interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1...

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency CISA on February 2 added two security flaws to its Known Exploited Vulnerabilities KEV Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 CVSS score: 9.8, a critical issue impacting...

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency CISA on February 2 added two security flaws to its Known Exploited Vulnerabilities KEV Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 CVSS score: 9.8, a critical issue impacting...

New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities

The State Cyber Protection Centre SCPC of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium,...

New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities

The State Cyber Protection Centre SCPC of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium,...

Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down?

Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it's no wonder that cybersecurity is top of mind for leaders across all industries and regions. Howeve...

Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down?

Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it's no wonder that cybersecurity is top of mind for leaders across all industries and regions. Howeve...

North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign

A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish cybersecurity company WithSecure formerly F-Secure, which codenamed the...

North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign

A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish cybersecurity company WithSecure formerly F-Secure, which codenamed the...

New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional...

New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional...

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service DoS and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version...

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service DoS and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version...

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry

A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice...

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry

A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice...

New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users...

New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users...

Auditing Kubernetes with Open Source SIEM and XDR

Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations,...

Auditing Kubernetes with Open Source SIEM and XDR

Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations,...

Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

The Brazilian threat actors behind an advanced and modular point-of-sale PoS malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it detected three versions of Prilex 06.03.808...

Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

The Brazilian threat actors behind an advanced and modular point-of-sale PoS malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it detected three versions of Prilex 06.03.808...

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network MPN accounts that were used for creating malicious OAuth applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulen...

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network MPN accounts that were used for creating malicious OAuth applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulen...

Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller BMC software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until n...

Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller BMC software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until n...

You Don't Know Where Your Secrets Are

Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 9...

You Don't Know Where Your Secrets Are

Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 9...

New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting...