A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat… Read More "GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks"
How Hybrid Password Attacks Work and How to Defend Against Them
Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process.… Read More "How Hybrid Password Attacks Work and How to Defend Against Them"
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
Oct 11, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance… Read More "CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance"
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
Oct 11, 2024Ravie LakshmananDevOps / Vulnerability GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on… Read More "New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution"
Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation
Oct 11, 2024Ravie LakshmananCybercrime / Dark Web The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world’s largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown… Read More "Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation"
6 Simple Steps to Eliminate SOC Analyst Burnout
The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant… Read More "6 Simple Steps to Eliminate SOC Analyst Burnout"
OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
Oct 10, 2024Ravie LakshmananCybercrime / Disinformation OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity… Read More "OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation"
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
Oct 10, 2024Ravie LakshmananVulnerability / Enterprise Security Cybersecurity security researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the… Read More "Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems"
Firefox Zero-Day Under Attack: Update Your Browser Immediately
Oct 10, 2024Ravie LakshmananVulnerability / Browser Security Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as… Read More "Firefox Zero-Day Under Attack: Update Your Browser Immediately"
Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
Oct 10, 2024Ravie LakshmananCybercrime / Malware Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. “At first glance, the thing that stood out was the script’s… Read More "Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms"