Recent Security News
-
Product Walkthrough: Silverfort’s Unified Identity Protection Platform
November 20, 2023 at 10:12AM Silverfort is the first unified identity protection platform that integrates with existing identity and access management solutions to protect organizations from identity-based attacks. The platform offers features such as Risk-Based Authentication and Multi-Factor Authentication (MFA) and can protect a wide range of resources, including command-line tools and service accounts. A…
-
CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations
November 20, 2023 at 10:09AM The US cybersecurity agency CISA has published a guidance document to help healthcare and public health organizations understand cyber threats and risks in their sector. The document incorporates vulnerability trends and provides recommendations on asset management, identity management, device security, patching, and vulnerability remediation. The agency emphasizes the need for…
-
How the Evolving Role of the CISO Impacts Cybersecurity Startups
November 20, 2023 at 10:04AM The relationship between chief information security officers (CISOs) and vendors is crucial for the cybersecurity ecosystem. As the role of the CISO evolves due to market changes, COVID-19, and increased cybersecurity awareness, it is important to understand how these changes impact the relationship with vendors. Communication, adaptability, collaboration, and cost-effectiveness…
-
Lumma Stealer malware now uses trigonometry to evade detection
November 20, 2023 at 09:42AM The Lumma information-stealing malware is using a unique method to avoid detection. It measures mouse movements using trigonometry to determine if it is operating on an actual machine or in an antivirus sandbox. This version of the malware also includes control flow obfuscation, XOR encrypted strings, and other evasion techniques…
-
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies
November 20, 2023 at 09:42AM APT29, a state-sponsored Russian hacker group, is exploiting the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. The group is using a BMW car sale lure to target embassy entities. The vulnerability allows for execution of malicious code through crafted .RAR and .ZIP archives. APT29 has been using a Ngrok static domain…