Cybersecurity
Category Added in a WPeMatico Campaign
Dec 11, 2023NewsroomThreat Intelligence / Cyber Attack Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that’s known to use a backdoor known as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that […]
Kelvin Security has been active since 2013, targeting public-facing systems to obtain user credentials and steal confidential data, which they would sell or leak on hacking forums.
The University of Wollongong has become the latest victim of a data breach, as confirmed by university officials. In a statement released over the weekend, the institution acknowledged the University of Wollongong data breach and assured the public that measures are being taken to contain the incident. Both staff and students are believed to be […]
VC investment trends in the cybersecurity market suggest a sector in decline — at least within the context of recent months. According to Crunchbase, cybersecurity deal count fell during Q3 to 153 deals from 181 in Q2. In a more detailed report, Crunchbase suggests that, with Q3 cybersecurity venture funding down 30% compared to the […]
Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2 Pierluigi Paganini December 11, 2023 The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache Software Foundation released security updates to address a critical file upload vulnerability in the Struts 2 open-source framework. Successful exploitation of […]
Security experts have unmasked a new trick adopted by the GULOADER malware to evade detection by antivirus software. The highly evasive shellcode downloader malware, which typically spreads through emails bearing ZIP archives or links containing a VBScript file, has been found leveraging Vectored Exception Handler (VEH) capability to make analysis challenging. More in detail According […]
Insider threats, including both malicious attacks and unintentional risks, are on the rise, with privilege escalation exploits being a significant component of unauthorized activity.
CISA and ENISA signed a Working Arrangement to enhance cooperation Pierluigi Paganini December 11, 2023 ENISA has signed a Working Arrangement with the US CISA to enhance capacity-building, best practices exchange and awareness. The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) to enhance […]
Dec 11, 2023NewsroomVulnerability / Espionage The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation […]