The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code. The most severe of the vulnerabilities are listed below – CVE-2024-25641 (CVSS score: 9.1) – An arbitrary file write vulnerability in the “Package Import” feature that
The FCC’s new robocall bad actor classification system, called Consumer Communications Information Services Threat (C-CIST), aims to help authorities identify and track threat actors abusing telecommunications infrastructure.
Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of authentication sophistication to adequately safeguard organizational data. When deploying
Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation. “The incident involves a threat actor overwhelming a user’s email with junk and calling the user, offering assistance,” Rapid7 researchers Tyler McGraw, Thomas Elkins, and
Cybercriminals are using an automated service called “Estate” to steal one-time passcodes and hijack user accounts, including bank accounts, crypto wallets, and other sensitive services, by tricking them into revealing the codes over the phone.
The Scattered Spider, a group of hackers, has been actively attacking the finance and insurance industries worldwide, using tactics like domain impersonation, SIM swapping, and partnering with the BlackCat ransomware group to breach high-value firms.
The increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to a report by Trellix.
Red teaming involves employing ethical hackers to rigorously test AI systems for security and safety issues. It is crucial for developing responsible AI that balances innovation and compliance with ethical standards and regulatory requirements.
Researchers at Cyble discovered a new ransomware variant called Trinity that employs a double extortion technique and shares similarities with the Venus ransomware, suggesting a potential link or common actor behind these two variants.