Security End-Run: ‘AuKill’ Shuts Down Windows-Reliant EDR Processes

July 17, 2024 at 06:10AM AuKill, a cybercrime tool by FIN7, is evolving to disrupt Windows processes guarded by endpoint detection and response tools. The collective has significantly enhanced their tool, attracting high-level ransomware groups’ attention. By targeting protected processes, AuKill aims to induce a denial-of-service condition, emphasizing the need for robust security solutions against …

Microsoft’s July Update Patches 143 Flaws, Including Two Actively Exploited

July 10, 2024 at 08:09AM Microsoft has released patches for 143 security flaws, including two actively exploited vulnerabilities. The flaws affect Windows, Edge browser, Hyper-V, and Office, among others. One of the exploited flaws is a remote code execution bug impacting .NET and Visual Studio. Other vendors have also issued security updates. …

True Protection or False Promise? The Ultimate ITDR Shortlisting Guide

July 10, 2024 at 08:09AM Endpoint security has become increasingly important in the age of identity protection due to the rise in ransomware attacks. Identity Threat Detection and Response (ITDR) has emerged to address this gap, with capabilities such as coverage across all users and access methods, real-time detection, anomaly detection, chain detection with MFA …

It’s Time to Reassess Your Cybersecurity Priorities

July 10, 2024 at 07:48AM The author reflects on their 100 columns for SecurityWeek and the lack of progress in cybersecurity. They note the increasing frequency and severity of cyber breaches and emphasize the human element in security vulnerabilities. They advocate for enhancing identity management, endpoint security, cloud and supply chain risk management, risk-based prioritization, …

ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

July 10, 2024 at 02:22AM The ViperSoftX malware, distributed as eBooks over torrents, has evolved to use the Common Language Runtime for PowerShell commands within AutoIt, enabling it to evade detection. Its capabilities include exfiltrating sensitive data, distributing other malware, and self-deletion to avoid detection. This sophisticated threat continues to innovate and circumvent defenses, posing …

Why You Need Network Detection & Response Now

July 9, 2024 at 01:05PM The importance of network detection and response (NDR) capabilities is highlighted due to the increasing prevalence of unmanaged devices in corporate networks, providing ideal hiding spots for attackers. NDR enables cybersecurity teams to monitor, detect, and respond to threats in real-time, addressing the challenges presented by the evolving enterprise attack …

How to Cut Costs with a Browser Security Platform

June 25, 2024 at 06:45AM Browser security is gaining traction as organizations seek to protect against web-borne threats and internal data exfiltration. In a new report, “CISO Testimonials: 6 Real Life Stories of Cutting Costs with a Browser Security Platform,” CISOs highlight the benefits of browser security, including reduced workloads and enhanced efficiency. The report …

PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager

June 13, 2024 at 03:40PM Researchers developed a proof-of-concept exploit for an SQL injection bug, CVE-2024-29824, in Ivanti Endpoint Manager. The bug allows unauthenticated attackers to execute code remotely, posing a significant threat. Ivanti responded promptly, releasing a patch within six weeks. Organizations are advised to implement the patch and restrict access to the management …

Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters

June 12, 2024 at 10:09AM Cybersecurity researchers have uncovered an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. The threat actors abused anonymous access to launch malicious container images containing a DERO miner. The attack involves targeting externally accessible Kubernetes API servers and uses obfuscation techniques to resist analysis. The attacker’s tactics …

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

June 12, 2024 at 07:39AM Symantec reports that threat actors using Black Basta ransomware exploited a privilege escalation flaw in Microsoft’s Windows Error Reporting Service as a zero-day, patched in March 2024. Symantec’s observation points to attempts to exploit the vulnerability in an unsuccessful ransomware attack. It also highlights the emergence of a new ransomware …