Recent Security News
-
Russia’s ‘Midnight Blizzard’ Targets Service Accounts for Initial Cloud Access
February 27, 2024 at 04:56PM The threat group “Midnight Blizzard,” associated with Russian intelligence services, has shifted tactics, targeting cloud environments at organizations. Strategies include exploiting automated cloud services accounts, dormant accounts, and using OAuth tokens and MFA bombing attacks for unauthorized access. Mitigations recommended include multifactor authentication, strong passwords, and least privilege principles for…
-
Apple, Signal Debut Quantum-Resistant Encryption, but Challenges Loom
February 27, 2024 at 04:42PM Apple has introduced the PQ3 post-quantum cryptographic (PQC) protocol, a quantum-resistant encryption for iMessage. This is part of a trend driven by the emerging capabilities of quantum computing. The shift towards PQC will have broad implications for various industries and require a long, complicated migration path. The timeline for quantum…
-
US Gov Says Software Measurability is ‘Hardest Problem to Solve’
February 27, 2024 at 03:27PM The US government is urging software manufacturers to release timely, comprehensive documentation of security vulnerabilities to enhance efforts in measuring code quality and safety. The White House emphasizes the need for long-term investment incentives and the adoption of memory-safe programming languages to improve cybersecurity across the digital ecosystem. This industry-wide…
-
Mexico’s ‘Timbre Stealer’ Campaign Targets Manufacturing
February 27, 2024 at 03:23PM Cybercriminals in Mexico are using tax season-related phishing emails to spread the new “Timbre Stealer” infostealer to targeted organizations. The threat actors have refined their phishing messages to exploit the tax season, enhancing the spread of the malware. “Timbre Stealer” executes anti-analysis techniques and collects diverse data once infiltrated. Tax…