Organizations that don’t implement end-to-end HTTP/2 are vulnerable to attacks that redirect users to malicious sites and other threats, security researcher reveals at Black Hat USA.
Read More HTTP/2 Implementation Errors Exposing Websites to Serious RisksOrganizations that don’t implement end-to-end HTTP/2 are vulnerable to attacks that redirect users to malicious sites and other threats, security researcher reveals at Black Hat USA.
Read More HTTP/2 Implementation Errors Exposing Websites to Serious RisksDOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.
Read More US Accuses China of Using Criminal Hackers in Cyber Espionage OperationsMany organizations remain unprepared to detect, respond, and contain a breach, a new survey shows.
Read More Despite Heightened Breach Fears, Incident Response Capabilities LagEradicating ‘privileged intruders’ from the network in the aftermath of an attack poses major challenges, experts say.
Read More The Long Road to Rebuilding Trust after ‘Golden SAML’-Like AttacksOrganizations should apply principles of least privilege to mitigate threats, security researcher says.
Read More New Techniques Emerge for Abusing Windows Services to Gain System ControlTen years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use, new report says.
Read More Newer Generic Top-Level Domains a Security ‘Nuisance’Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.
Read More Hundreds of Millions of Dell Computers Potentially Vulnerable to AttackUNC2447 observed targeting now-patched vulnerability in SonicWall VPN.
Read More New Threat Group Carrying Out Aggressive Ransomware CampaignIronically, EDR’s success has spawned demand for technology that extends beyond it.
Read More XDR Pushing Endpoint Detection and Response Technologies to ExtinctionSeveral gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says.
Read More North Korea’s Lazarus Group Expands to Stealing Defense SecretsLazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
Read More New APT Group Targets Airline Industry & ImmigrationThe tactic makes it much harder for defenders to take down botnets via sinkholing and other standard techniques, Akamai says.
Read More Botnet Uses Blockchain to Obfuscate Backup Command & Control InformationFireEye Mandiant says it discovered data stolen via flaw in Accellion FTA had landed on a Dark Web site associated with a known Russia-based threat group.
Read More Accellion Data Breach Resulted in Extortion Attempts Against Multiple VictimsIn a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.
Read More Apple Offers Closer Look at Its Platform Security Technologies, FeaturesFBI, CISA, and Treasury Department also release details about North Korean malware used in cryptocurrency thefts since 2018.
Read More US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3BThe third stage, when threat actors rush to use stolen usernames and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.
Read More Compromised Credentials Show That Abuse Happens in Multiple PhasesConsumer banks, exchanges, payment firms, and card issuing companies around the globe were among those hit.
Read More 100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020Expect increase in ransomware and ‘triple extortion’ attacks, Cyber Threat Intelligence League says.
Read More Growing Collaboration Among Criminal Groups Heightens Ransomware Threat for Healthcare SectorTwo months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
Read More 7 Things We Know So Far About the SolarWinds AttacksFlaw leaves millions of IT, OT, and IoT devices vulnerable to attack.
Read More High-Severity Vulnerabilities Discovered in Multiple Embedded TCP/IP StacksA new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world.
Read More Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government