Category: Uncategorized
-

IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools [email protected] (The Hacker News)
High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called ElizaRAT and a new stealer payload dubbed ApoloStealer on specific victims of interest,…
-

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware [email protected] (The Hacker News)
A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. “This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem,…
-

The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses [email protected] (The Hacker News)
We’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs). This gap is driving the rise of the virtual CISO (vCISO) model,…
-

Webinar: Learn How Storytelling Can Make Cybersecurity Training Fun and Effective [email protected] (The Hacker News)
Let’s face it—traditional security training can feel as thrilling as reading the fine print on a software update. It’s routine, predictable, and, let’s be honest, often forgotten the moment it’s over. Now, imagine cybersecurity training that’s as unforgettable as your favorite show. Remember how “Hamilton” made history come alive, or how “The Office” taught us…
-
Cisco URWB Access Point Command Injection Vulnerability (CVE-2024-20418)
What is the Vulnerability?A maximum severity security (CVS Score 10.0) vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper…
-

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus [email protected] (The Hacker News)
Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The “intriguing” campaign, codenamed CRON#TRAP, starts with a malicious Windows shortcut (LNK) file likely distributed in the form of a ZIP archive via a phishing email.…
-

CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool thatRead More
-
How to create an enterprise cloud security budget
Post ContentRead More
-
Ransomware attacks caused prolonged disruptions in October
Post ContentRead More
-
Google DORA issues platform engineering caveats
Post ContentRead More
