Threat analysts have warned against a sophisticated cyber-intrusion campaign that predominantly targets organizations in Japan across the technology, telecommunications, entertainment, education and e-commerce sectors. According to Cisco Talos, who discovered the campaign, the attackers exploited CVE-2024-4577, a remote code execution (RCE)… Read More "Attackers Targeting Japanese Firms with Cobalt Strike"
Inefficiencies, like slow vendor responses, often plague security teams like a persistent headache. At first, it’s just a dull throb in the background. Yes, it’s annoying, but analysts often accept it as the way things are, pushing through the pain… Read More "Vendor Responsiveness Solved: Soothing Your Third-Party Headaches"
Mar 06, 2025Ravie LakshmananMalware / Ransomware The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. “EncryptHub has been observed… Read More "EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing"
Wie lange die Störungen anhalten, ist noch unklar. „Wir arbeiten gemeinsam mit externen Dienstleistern an einer möglichst zügigen Lösung des Problems. Nach aktuellem Stand sind die Versorgungsdienstleistungen nicht betroffen“, versichern die Stadtwerke. Das gelte auch für die Websites der Unternehmen… Read More "Hackerangriff auf Stadtwerke Schwerte | CSO Online"
A new security vulnerability in the Chaty Pro plugin has been identified, potentially allowing attackers to take over WordPress sites by uploading malicious files. Chaty Pro is a popular WordPress plugin offering chat integration with social messaging services and has… Read More "Vulnerability in Chaty Pro Plugin Exposes 18,000 WordPress Sites"
Considered the “brain” of industrial automation, programmable logic controllers (PLCs) are an important factor in industrial control systems (ICS), especially for critical infrastructure in the public sector. PLCs are an industrial computer used to control automated devices in a variety… Read More "Programmable Logic Controllers and Cybersecurity Risk"
The United States Army is employing a prototype generative artificial intelligence tool to identify references to diversity, equity, inclusion, and accessibility (DEIA) for removal from training materials in line with a recent executive order from President Donald Trump. Officials at… Read More "The US Army Is Using ‘CamoGPT’ to Purge DEI From Training Materials"
Mar 06, 2025Ravie LakshmananData Security / Software Security Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as… Read More "Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution"
China’s hacker-for-hire industry According to court documents, among those charged are two officers from China’s Ministry of Public Security (MPS), while the remaining ten worked for Anxun Information Technology, commonly known as i-Soon, a private firm allegedly connected to China’s… Read More "US charges 12 Chinese hackers in major government-backed espionage campaign"
Job satisfaction levels for women working in cybersecurity have plummeted in the past two years, with just 67% reporting being satisfied in 2024 compared to 82% in 2022. The new ISC2 figures also found a drop-off among men working in… Read More "Cybersecurity Job Satisfaction Plummets, Women Hit Hardest"
