Cyber Story Time: The Boy Who Cried “Secure!”
As a relatively new security category, many security operators and executives I’ve met have asked us “What are these Automated Security Validation (ASV) tools?” We’ve covered that pretty extensively in…
North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs
Threat actors with ties to the Democratic People’s Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of…
Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online
New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis, which…
5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme
Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest…
Google’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic…
NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data
Threat hunters are warning about an updated version of the Python-based NodeStealer that’s now equipped to extract more information from victims’ Facebook Ads Manager accounts and harvest credit card data…
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments
Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim’s funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals…
Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity
Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech…
NHIs Are the Future of Cybersecurity: Meet NHIDR
The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they…
Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges…