After two decades of developing increasingly mature security architectures, organizations are running up against a hard truth: tools and technologies alone are not enough to mitigate cyber risk. As tech stacks have grown more sophisticated and capable, attackers have shifted their focus. They are no longer focusing on infrastructure vulnerabilitiesRead More »Why Your Security Culture is Critical to Mitigating Cyber Risk
A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups: The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature to trigger a previouslyRead More »Zero-Day Exploit in WinRAR File
A new public exploit chains two critical flaws in SAP NetWeaver, exposing unpatched instances to code execution attacks. The post New Exploit Poses Threat to SAP NetWeaver Instances appeared first on SecurityWeek.
Summary In September 2024, we detected malicious activity targeting financial (trading and brokerage) firms through the distribution of malicious .scr (screen saver) files disguised as financial documents via Skype messenger. The threat actor deployed a newly identified Remote Access Trojan (RAT) named GodRAT, which is based on the Gh0st RATRead More »GodRAT – New RAT targeting financial institutions
Have I Been Pwned has analyzed the information made public by the hackers who recently targeted Allianz Life. The post 1.1 Million Unique Records Identified in Allianz Life Data Leak appeared first on SecurityWeek.
Citizen Lab has identified links between multiple VPN providers, and multiple security weaknesses in their mobile applications. The post New Research Links VPN Apps, Highlights Security Deficiencies appeared first on SecurityWeek.
The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. “These changes improve PyPI’s overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts,” MikeRead More »PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
From hacked satellites to nuclear threats in orbit, the battle for dominance beyond Earth is redefining modern warfare and national security. The post Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield appeared first on SecurityWeek.
Cybersecurity is increasingly becoming a business matter in manufacturing.
The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. “The Noodlophile campaign, active for over a year, now leverages advanced spear-phishing emailsRead More »Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures
