March 18, 2024 at 09:15AM The US Department of Defense has processed 50,000 reports through its vulnerability disclosure program, initiated after the success of the ‘Hack the Pentagon’ bug bounty program. Collaborating with platforms like HackerOne, Bugcrowd, and Synack, DoD expanded its bug bounty programs, saving an estimated $61 million and receiving over 45,000 vulnerability … Read more
March 14, 2024 at 01:05AM The UAE’s increasing adoption of IT and operational technology has expanded its attack surface, leading to nearly 155,000 vulnerable assets due to misconfigurations and insecure applications. CPX’s “State of the UAE Cybersecurity Report 2024” emphasizes the need for a unified approach to improve national infrastructure and cybersecurity, amidst growing threats … Read more
March 6, 2024 at 01:42PM A threat actor is leveraging fake Skype, Google Meet, and Zoom meetings to distribute malware targeting Android and Windows users. This campaign, discovered in December, poses a significant cybersecurity threat. By mimicking legitimate URLs and hosting on a single IP address, the attackers are successfully distributing malicious payloads, emphasizing the … Read more
March 4, 2024 at 06:31PM North Korean hackers stole South Korean microchip manufacturing technology, prompting NIS to call for improved cyber defenses. The hackers compromised the servers of two microchip manufacturers and stole semiconductor designs and facility photos. NIS believes North Korea may be preparing to produce its own semiconductors due to sanctions. Based on … Read more
March 4, 2024 at 11:07AM Be cautious when joining webinars due to the potential for network compromise. Submit your clever cybersecurity-related caption to win a $25 Amazon gift card before the March 27, 2024 deadline. Send ideas to [email protected] or via social media. Congratulations to Matt Tompkins, last month’s winner of “The Great Escape” contest. … Read more
March 4, 2024 at 08:31AM Cyberattackers have created over 100,000 malicious repositories on GitHub, with some estimates reaching over a million. They use automation to copy, infect, and reupload existing repositories, tricking developers into downloading malware. GitHub’s security mechanisms remove most fakes, but some still slip through. Organizations need policies to protect against these attacks. … Read more
March 4, 2024 at 12:36AM U.S. cybersecurity agencies have issued warnings about Phobos ransomware targeting government and critical infrastructure entities. The ransomware, operated as a service model, has targeted various sectors and has earned millions in ransom. The attackers use various tactics and have been actively targeting entities since May 2019, posing a significant ongoing … Read more
March 1, 2024 at 01:38PM The US Department of Justice has unsealed an indictment accusing an Iranian national, Alireza Shafie Nasab, of a years-long cyber campaign targeting US defense contractors and government agencies. The indictment alleges that Nasab and his associates compromised hundreds of thousands of accounts through spear phishing, social engineering, and in-house software. … Read more
February 27, 2024 at 08:51AM The Xeno RAT, an open-source remote access trojan, has been released on GitHub, with capabilities for remote system management and unique features such as real-time audio recording and hidden virtual network computing module. This release underscores the rise of freely available malware, highlighted by cybersecurity firm Cyfirma. Additionally, the article … Read more
February 19, 2024 at 05:39AM Google’s AI Cyber Defense Initiative aims to promote the use of artificial intelligence in cybersecurity, asserting its potential to empower defenders in threat detection, malware analysis, and vulnerability fixing. The company commits to investing in AI infrastructure, offering defensive tools, security training, and research cooperation. Additionally, it is supporting startups, … Read more