Recent Security News
-
Weaponized AWS SES Accounts Anchor Massive Stealth Attack
January 18, 2024 at 01:02PM Two cybercriminal groups used a French transportation company’s AWS accounts to send phishing emails, exploiting Amazon Web Services’ Simple Email Service (SES). The attackers bypassed spam filters and took advantage of SES’ features to send high volumes of emails. Cloud email attacks pose challenges in prevention and detection, with potential…
-
Haier hits Home Assistant plugin dev with takedown notice
January 18, 2024 at 12:37PM Haier issued a takedown notice to a developer for creating Home Assistant integration plugins for its home appliances on GitHub. The developer received a legal threat demanding the removal of the tools citing unauthorized use and significant economic harm. The plugins, although open-source, may incorporate Haier’s intellectual property. Haier’s actions…
-
Modernize Federal Cybersecurity Strategy with FedRAMP
January 18, 2024 at 12:14PM Government modernization of cybersecurity strategies, including FedRAMP adoption and value-driven digital ecosystem development, is crucial to combat evolving cyber threats. Challenges like outdated technology, budget constraints, and disjointed security operations hinder progress. Yet, strategic investments in endpoint detection and response solutions and FedRAMP-authorized products can enhance security operations and empower…
-
New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic
January 18, 2024 at 12:09PM A novel campaign is targeting vulnerable Docker services by deploying XMRig cryptocurrency miner and 9Hits Viewer software to generate revenue. The campaign uses various strategies to drive traffic to websites, breaching servers to deploy malicious containers via Docker API. The impact includes resource exhaustion and potential for a serious breach.…