Cybersecurity
Category Added in a WPeMatico Campaign
Sep 20, 2023THNEncryption / Privacy Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). “With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built […]
Observability’s adoption is on the rise and full-stack observability leads to better service-level metrics, such as fewer, shorter outages and lower outage costs, according to New Relic. Respondents receive a median $2 return per $1 of investment in observability, with 41% receiving more than $1 million total annual value. According to the research, organizations are […]
Sep 20, 2023THNZero Day / Vulnerability Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that’s bundled […]
In a recent security incident, Sophos detected the most recent variant of the BlackCat/ALPHV variant, named Sphynx. This version introduces new functionalities and has been employed to encrypt Azure Storage accounts. In this incident, The attackers managed to infiltrate a victim’s Sophos Central account and successfully encrypted 39 Azure Storage accounts. Modus operandi After gaining […]
Sep 20, 2023THNVulnerability / Software Security GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and […]
FBI Director Christopher Wray urged private sector organizations to help the agency by coming forward with information regarding malicious cyber activity. Wray told attendees at Mandiant’s annual mWISE 2023 conference Monday that many of the agency’s successful cyber operations in recent years were accomplished with the assistance of private sector partners. He emphasized organization would […]
Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. About the vulnerabilities CVE-2023-3676, discovered by Akamai researcher Tomer Peled, is a command injection vulnerability that can be exploited by applying a malicious YAML file on the cluster. “The Kubernetes […]
A recently discovered Linux backdoor malware, named SprySOCKS, was observed in a cyberespionage campaign targeting government agencies in multiple countries. The campaign was attributed to the Chinese hacking group Earth Lusca. More about SprySOCKS In the campaign, the attackers used a Linux variant of the ELF injector called mandibule to drop SprySOCKS. The backdoor employs […]
XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power. The […]