Recent Security News
-
DarkGate Opens Organizations for Attack via Skype, Teams
October 13, 2023 at 03:24AM The DarkGate malware is being distributed through messaging platforms like Skype and Teams. Once installed, additional malicious payloads are introduced. The campaign has been most active in the Americas, followed by Asia, the Middle East, and Africa. DarkGate is a commodity loader that executes various actions, including remote access, cryptocurrency…
-
Squid games: 35 security holes still unpatched in proxy after 2 years, now public
October 12, 2023 at 08:26PM 35 vulnerabilities in the Squid caching proxy remain unfixed after more than two years, according to the person who reported them. The researcher found 55 flaws in Squid’s source code, but only 20 have been fixed. The remaining vulnerabilities do not have patches or workarounds, and some have not been…
-
FBI shares AvosLocker ransomware technical details, defense tips
October 12, 2023 at 07:46PM The US government has updated the list of tools used by AvosLocker ransomware affiliates in attacks to include open-source utilities and custom PowerShell and batch scripts. The FBI and CISA have shared a YARA rule for detecting malware disguised as a legitimate network monitoring tool. AvosLocker affiliates use legitimate software…
-
Making the Case for Cryptographic Agility and Orchestration
October 12, 2023 at 06:39PM In summary, the text highlights the quantum threat to cybersecurity and the need for post-quantum cryptography (PQC) to protect against it. It discusses the importance of cryptographic agility and orchestration in managing and adapting to changing cryptographic algorithms. The text also emphasizes the ongoing PQC standardization process and the need…
-
DigiCert Announces Comprehensive Discovery of Cryptographic Assets
October 12, 2023 at 06:10PM DigiCert has announced the next generation of its Trust Lifecycle Manager called Discovery. This enables customers to create a centralized record of cryptographic keys and certificates, improving security and reducing the time needed for updates and threat remediation. The integration with services like Qualys and AWS Private CA allows for…