Hacker Conversations: HD Moore and the Line Between Black and White

January 16, 2024 at 07:36AM The definition of a hacker is explored in an interview with HD Moore, who highlights the distinctions between moral, amoral, and immoral hacking based on intent and actions. He recounts his upbringing, early experiences of exploring technology, and the ethical dilemmas faced. The interview delves into the legal implications and …

Case Study: The Cookie Privacy Monster in Big Global Retail

January 16, 2024 at 06:51AM Reflectiz, a website security company, rescued a major retail client from non-compliance fines due to misconfigured cookie tracking. Although the misconfiguration was unintended, the client risked substantial penalties under GDPR. Reflectiz’s advanced exposure management solution detected 37 unauthorized cookie injections and facilitated timely corrective action, emphasizing the importance of continuous monitoring and …

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

January 16, 2024 at 05:36AM Volexity has observed widespread exploitation of two zero-day vulnerabilities in Ivanti Connect Secure VPN appliances by threat actors, including the group UTA0178. These vulnerabilities allow attackers to execute arbitrary commands and compromise internal networks. While the attacks were initially targeted, they have now become widespread, affecting organizations globally, particularly in …

Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

January 16, 2024 at 03:45AM The now-defunct Inferno Drainer created over 16,000 malicious domains, scamming over $87 million from 137,000 victims by spoofing Web3 protocols. Affiliates could use the malware for phishing, draining 30% of stolen assets in some cases. The operation spoofed over 100 cryptocurrency brands with specially crafted pages and was active throughout …

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

January 16, 2024 at 02:45AM Threat actors exploit a patched security flaw in Microsoft Windows to deploy the Phemedrone Stealer, targeting web browsers, cryptocurrency wallets, and messaging apps. The flaw, CVE-2023-36025, allows attackers to bypass Windows SmartScreen protection. Although the flaw has been patched, threat actors find ways to exploit it, highlighting their flexibility in adapting attack …

As Enterprise Cloud Grows, So Do Challenges

January 15, 2024 at 11:31PM As children grow, their problems become more complex, resembling the challenges faced by maturing enterprises. The evolving technology landscape necessitates a strategic distributed cloud platform partner to manage complexity, facilitate vendor consolidation, handle mergers/acquisitions, cope with innovation pressure, and combat the evolving threat landscape for improved security and simplified management. …

Zero Trust, AI, Capital Markets Drive Consolidation in Cloud Security

January 15, 2024 at 11:31PM Several acquisitions in the cloud security market have kicked off 2024, with Delinea acquiring Authomize, SentinelOne acquiring PingSafe and SonicWall acquiring Banyan Security. As companies move more operations to the cloud, the emphasis shifts to comprehensive and flexible security solutions. Players are looking to consolidation to enhance their zero-trust offerings …

China’s gambling crackdown spawned wave of illegal online casinos and crypto-crime in Asia

January 15, 2024 at 10:33PM Global crime networks are utilizing autonomous territories in Southeast Asia to establish physical and online casinos, leading to a surge in money laundering, cyberfraud, and organized crime. The United Nations Office on Drugs and Crime (UNODC) highlighted this accelerating threat and emphasized the involvement of criminal groups in illegal online …

Ivanti Connect Secure zero-days now under mass exploitation

January 15, 2024 at 08:07PM Volexity discovered mass exploitation of two zero-day vulnerabilities affecting Ivanti’s Connect Secure VPN and Policy Secure NAC appliances. The attacks by multiple threat groups have targeted organizations worldwide, including Fortune 500 companies and government departments. Mitigation measures and a list of malicious tools used in the attacks have been provided. …