December 19, 2023 at 08:39AM Threat actors are using GitHub for malicious activities, including hosting malware and delivering malicious commands via secret Gists and git commit messages. The use of legitimate public services allows threat actors to bypass detection tools. These novel methods can blend malicious traffic with genuine communications, making it harder to detect … Read more
December 19, 2023 at 06:51AM Comcast’s Xfinity informed customers of a cybersecurity breach due to the CitrixBleed vulnerability, compromising usernames, passwords, and personal information. Despite promptly patching the flaw in its systems, the breach was confirmed, prompting password resets and multi-factor authentication. The CitrixBleed vulnerability has been implicated in numerous global attacks, affecting various organizations. … Read more
December 18, 2023 at 07:04PM Xfinity, the subsidiary of Comcast Cable Communications, reported a security breach where attackers stole sensitive customer information after exploiting a Citrix server. The breach, discovered in November, resulted in the exfiltration of customer data, including usernames, hashed passwords, contact information, and partial social security numbers. Xfinity has proactively reset affected … Read more
December 18, 2023 at 05:29PM Israeli cybersecurity startup Zero Networks raised $20M in Series B funding led by USVP, with participation from Dmitri Alperovitch and existing investors. The funds will support recruiting and hypergrowth. Zero Networks offers automated zero-trust identity and network security solutions to prevent lateral movement within the organizational network by attackers. The … Read more
December 18, 2023 at 10:20AM Predatory Sparrow claims responsibility for a cyberattack on Iranian gas stations, disrupting operations at 60-70% of sites. Iran’s petrol stations association spokesman attributed it to a software issue, while Iran’s oil minister suggested outside interference. The group posted evidence of the attack and stated they warned emergency services beforehand to … Read more
December 15, 2023 at 11:49AM In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) for a Healthcare and Public Health (HPH) organization. The RVA included web application, phishing, penetration, database, and wireless assessments. While no significant external vulnerabilities were identified, the internal testing revealed multiple misconfigurations and … Read more
December 14, 2023 at 12:54PM Network penetration testing is vital in cybersecurity, yet misconceptions impact its role. This blog serves as a guide, explaining the process, debunking myths, and highlighting its significance. It encompasses internal and external testing differences, process stages, common misconceptions, and the comparison between manual and automated testing. It emphasizes the importance … Read more
December 14, 2023 at 07:18AM Network penetration testing is critical for businesses in cybersecurity. This blog provides a quick guide, explaining the process, differences between internal and external tests, and how it works in seven stages. It debunks common myths and discusses manual vs. automated testing, emphasizing the effectiveness of vPenTest from Vonahi Security. Based … Read more
December 14, 2023 at 05:03AM The FBI, CISA, and other US government agencies have issued a security advisory about the Karakurt extortion gang, notorious for using harassment and IT exploitation to demand ransoms ranging from $25,000 to $13 million in Bitcoin. The gang uses various tactics and tools to exfiltrate massive amounts of data, with … Read more
December 13, 2023 at 08:30AM Zero Networks, a zero trust identity and network security solutions provider, has secured $20 million in a Series B funding round, bringing the total raised to $45 million. US Venture Partners led the investment with contributions from CyberArk, F2 Capital, Pico Venture Partners, Venrock, and angel investors. The Israeli startup … Read more