January 12, 2024 at 08:11AM The article emphasizes the necessity of a proactive cybersecurity approach and the role of Breach and Attack Simulation (BAS) in strengthening defenses. It highlights the gap between perceived and actual security, the mechanics of BAS, and steps to integrate BAS into an organization’s cyber strategy. The piece is authored by … Read more
January 6, 2024 at 03:33AM A cyber espionage campaign by the threat actor Sea Turtle targets telecommunication, media, internet service providers, and Kurdish websites in the Netherlands, collecting politically motivated information. Sea Turtle, documented in 2019, uses DNS hijacking and exploits known vulnerabilities, and was found to use a simple reverse TCP shell. Organizations are … Read more
January 1, 2024 at 09:18AM Security researchers have uncovered a new DLL search order hijacking technique that allows threat actors to execute malicious code on Windows 10 and 11. By leveraging trusted WinSxS folder executables, adversaries can bypass security mechanisms and introduce potentially vulnerable binaries into the attack chain. Security Joes urges organizations to closely … Read more
December 28, 2023 at 10:02AM DDoS attacks and zero-day threats continue to plague cybersecurity due to their effectiveness, with OpenAI attributing ChatGPT issues to a DDoS attack. The rise in IoT vulnerabilities and new network protocols contributes to the surge in attacks, prompting the need for robust anti-DDoS strategies, including scalable infrastructure, traffic monitoring, and … Read more
December 21, 2023 at 05:40PM New data from EasyDMARC shows a 7.5% increase in intercepted phishing emails from January 2022 to November 2023. The research tracked a rise in flagged emails imitating legitimate domains and a 24% increase in potentially harmful emails per domain. The CEO emphasizes the need for businesses to implement email authentication … Read more
December 18, 2023 at 05:29PM Israeli cybersecurity startup Zero Networks raised $20M in Series B funding led by USVP, with participation from Dmitri Alperovitch and existing investors. The funds will support recruiting and hypergrowth. Zero Networks offers automated zero-trust identity and network security solutions to prevent lateral movement within the organizational network by attackers. The … Read more
December 17, 2023 at 04:52PM The Rhadamanthys information-stealing malware has recently released two major versions with added improvements, such as new stealing capabilities, enhanced evasion, and a new plugin system for customization. These updates indicate a shift towards a more modular and customizable framework, making it a more formidable tool for cybercriminals. From the meeting … Read more
December 14, 2023 at 12:54PM Network penetration testing is vital in cybersecurity, yet misconceptions impact its role. This blog serves as a guide, explaining the process, debunking myths, and highlighting its significance. It encompasses internal and external testing differences, process stages, common misconceptions, and the comparison between manual and automated testing. It emphasizes the importance … Read more
December 14, 2023 at 09:03AM Zoom has introduced a new Vulnerability Impact Scoring System (VISS) to help cybersecurity teams prioritize threats. It analyzes 13 impact aspects, produces a 0-100 score, and can be adjusted using compensating controls. In testing, critical vulnerabilities increased by 28%, while medium-severity ones decreased by 57%. Zoom aims to enhance security … Read more
December 14, 2023 at 07:18AM Network penetration testing is critical for businesses in cybersecurity. This blog provides a quick guide, explaining the process, differences between internal and external tests, and how it works in seven stages. It debunks common myths and discusses manual vs. automated testing, emphasizing the effectiveness of vPenTest from Vonahi Security. Based … Read more