Why Tokens Are Like Gold for Opportunistic Threat Actors

May 13, 2024 at 10:07AM Authentication tokens, crucial for cybersecurity, allow secure logins and app access. However, they pose risks if compromised. Threat actors exploit unexpired tokens, leading to breaches. Companies should adopt aggressive token management, including expiring tokens every seven days and limiting access from personal devices. These actions can significantly mitigate the risk … Read more

Citrix warns admins to kill NetScaler user sessions to block hackers

November 21, 2023 at 11:41AM Admins who have patched their NetScaler appliances against the Citrix Bleed vulnerability must take additional measures to secure their devices. Citrix advises wiping all previous user sessions and terminating active ones to prevent attackers from accessing compromised devices. The flaw has been actively exploited since late August, and compromised sessions … Read more

APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide

November 16, 2023 at 11:52AM Four separate cyberattack groups have exploited a former zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) to steal email data, user credentials, and authentication tokens from government organizations worldwide. The bug, which was patched on July 25, enabled the attackers to set up auto-forwarding rules to an attacker-controlled email address. … Read more

Discord still a hotbed of malware activity — Now APTs join the fun

October 16, 2023 at 05:37PM Discord is increasingly being used by hackers and advanced persistent threat (APT) groups to distribute malware, steal data, and target critical infrastructure. Trellix’s report highlights how Discord’s content delivery network (CDN) is utilized for delivering malicious payloads, while webhooks are abused for data theft. The report also notes that APT … Read more