Nov 02, 2023The Hacker NewsSaaS Security / Software This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique “freemium” model Securing employees’ SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches […]
Nov 02, 2023NewsroomCyber Attack / Malware The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from N-able called Advanced Monitoring Agent. Cybersecurity firm Deep Instinct, which disclosed details of the attacks, said the campaign “exhibits updated TTPs […]
An investigation into the educational technology company GoGuardian revealed the surveillance software used by schools across the country has routinely invaded students’ privacy and incorrectly flagged non-explicit content as harmful, according to an investigation by the Electronic Frontier Foundation. GoGuardian is used to surveil about 27 million students in 11,500 schools nationwide, according to EFF, […]
ESET Research How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there 01 Nov 2023 • , 3 min. read In August 2023, the notorious Mozi botnet, infamous for exploiting vulnerabilities in hundreds of thousands of IoT devices each year, experienced a sudden […]
Nov 02, 2023NewsroomEndpoint Security / Malware As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems. “By exploiting the drivers, an attacker without privilege may erase/alter firmware, […]
The library has stated that there is no evidence of compromised personal information, and they are actively working with cybersecurity experts and law enforcement to investigate the incident.
Dallas County provided an update on the ransomware attack that was reported this week, telling residents that they were able to stop the incident before the hackers could encrypt files or systems. On Monday, the county of nearly 3 million residents confirmed it was dealing with a cybersecurity incident after the Play ransomware gang claimed […]
Nov 02, 2023NewsroomVulnerability Assessment The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015. “This latest version of CVSS 4.0 seeks to provide the highest fidelity of vulnerability […]
Nov 02, 2023NewsroomThreat Intelligence / Vulnerability Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. “In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim […]