Polymath Central

Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs

November 13, 2024

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among…

Cybersecurity

Iranian Hackers Use “Dream Job” Lures to Deploy SnailResin Malware in Aerospace Attacks

November 13, 2024

The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group’s playbook to orchestrate its own version of the Dream Job…

Cybersecurity

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

November 12, 2024

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by…

Cybersecurity

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

November 12, 2024

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr,…

Cybersecurity

North Korean Hackers Target macOS Using Flutter-Embedded Malware

November 12, 2024

Threat actors with ties to the Democratic People’s Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has…

Cybersecurity

5 Ways Behavioral Analytics is Revolutionizing Incident Response

November 12, 2024

Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it’s now being reimagined as a powerful post-detection…

Cybersecurity

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

November 12, 2024

Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. “Ymir ransomware…

Cybersecurity

New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia

November 11, 2024

In an unusually specific campaign, users searching about the legality of Bengal Cats in Australia are being targeted with the GootLoader malware. “In this case, we found the GootLoader actors…

Cybersecurity

The ROI of Security Investments: How Cybersecurity Leaders Prove It

November 11, 2024

Cyber threats are intensifying, and cybersecurity has become critical to business operations. As security budgets grow, CEOs and boardrooms are demanding concrete evidence that cybersecurity initiatives deliver value beyond regulation…

Cybersecurity

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 – Nov 10)

November 11, 2024

⚠️ Imagine this: the very tools you trust to protect you online—your two-factor authentication, your car’s tech system, even your security software—turned into silent allies for hackers. Sounds like a…