October 26, 2023 at 02:06PM A group of academics has discovered a new side-channel attack called iLeakage that targets Apple’s A- and M-series CPUs on iOS, iPadOS, and macOS devices. By exploiting a weakness in Safari, sensitive information can be extracted. The attack could be used to retrieve Gmail inbox content and autofilled passwords from … Read more
October 26, 2023 at 10:08AM Congress passed a bipartisan bill to fund the federal government for another 45 days, averting a shutdown. The Office of Management and Budget advised agencies to prepare for a potential shutdown in mid-November. A shutdown could increase insider threats, motivate nation-state actors to attack, hinder regulatory requirements, and affect understaffed … Read more
October 19, 2023 at 11:30AM IT workers contracted with U.S. companies have been secretly sending millions of dollars in wages to North Korea for its ballistic missile program, according to the FBI and the Department of Justice. The workers used false identities and their earnings were funneled to the North Korean weapons program. The investigation … Read more
October 18, 2023 at 08:55AM Modern enterprises face the challenge of balancing the need for data collaboration and expanded access with the increased risk of cybersecurity threats. Traditional data security measures are insufficient for the data needs of modern enterprises. The CISO Survival Guide emphasizes the importance of data access control and the intersection of … Read more
October 17, 2023 at 12:15PM Nation-state hacking groups are using Discord’s content delivery network (CDN) to target critical infrastructure. While Discord is currently mainly used by information stealers, a cybersecurity firm has found evidence of an artifact targeting Ukrainian critical infrastructure, indicating a potential emergence of APT malware campaigns on the platform. This introduces a … Read more
October 16, 2023 at 05:37PM Discord is increasingly being used by hackers and advanced persistent threat (APT) groups to distribute malware, steal data, and target critical infrastructure. Trellix’s report highlights how Discord’s content delivery network (CDN) is utilized for delivering malicious payloads, while webhooks are abused for data theft. The report also notes that APT … Read more