November 18, 2024 at 10:05AM The cybersecurity landscape is evolving rapidly, driven by increasing threats and the exploitation of AI by cybercriminals. Companies are significantly raising cybersecurity budgets, yet attacks continue to escalate. As specialized solutions are in demand, companies that harness emerging technologies to enhance security will likely experience substantial growth in the sector. … Read more
November 13, 2024 at 04:37PM Suspected Russian hackers exploited a recently patched Windows vulnerability (CVE-2024-43451) targeting Ukrainian entities. This NTLM Hash Disclosure flaw allows attackers to steal user login credentials via phishing emails. Microsoft confirmed the vulnerability’s exploitation requires minimal user interaction and has affected all supported Windows versions, prompting CISA to issue a security … Read more
November 13, 2024 at 07:15AM The rise of SaaS and cloud environments has increased cybersecurity threats, particularly through browsers. LayerX released a guide, “Kickstarting Your Browser Security Program,” outlining steps for implementing browser security, including threat mapping, stakeholder collaboration, and gradual rollouts. Successful programs adapt to evolving risks, focusing on data protection and credential safety. … Read more
November 12, 2024 at 04:47PM Microsoft revealed a critical vulnerability (CVE-2024-49040) in Exchange Server 2016 and 2019, allowing email spoofing by forging legitimate senders. Discovered by Vsevolod Kokorin, the flaw leads to exploitation risks. Microsoft has released updates for detection and added warning banners for suspicious emails, urging users to maintain security features. ### Meeting … Read more
November 6, 2024 at 05:56PM Check Point Research has tracked a spear-phishing campaign, “CopyR(ight)hadamantys,” targeting hundreds of companies globally with emails claiming copyright infringement. The emails deliver the sophisticated infostealer Rhadamanthys, capable of stealing sensitive data. Attackers use automation to send these messages, often impersonating known brands in technology and entertainment industries. ### Key Takeaways … Read more
November 6, 2024 at 10:08AM Cross-domain threats have surged, exploiting identity, cloud, and endpoint vulnerabilities with minimal detection footprints. Notable adversaries like Scattered Spider and North Korea’s Famous Chollima utilize stolen credentials and sophisticated phishing to conduct attacks. Defending against these requires integrated visibility, real-time threat hunting, and advanced identity protection measures to prevent breaches. … Read more
November 6, 2024 at 05:24AM INTERPOL’s Operation Synergia II successfully dismantled over 22,000 malicious servers globally from April to August 2024, targeting phishing and ransomware. Approximately 76% of 30,000 identified suspicious IPs were taken down, leading to 41 arrests. The operation included cooperation with private sector partners and significant discoveries in multiple countries. ### Meeting … Read more
November 6, 2024 at 01:31AM Google Cloud will require mandatory multi-factor authentication (MFA) for all users by the end of 2025 to enhance security. The rollout will occur in three phases, starting November 2024. This initiative aligns with similar efforts by competitors Amazon and Microsoft amid rising concerns over phishing and credential theft. ### Meeting … Read more
November 1, 2024 at 07:33AM Cybersecurity researchers have uncovered a campaign, EMERALDWHALE, targeting exposed Git configurations to steal credentials from over 10,000 private repositories. The operation exploits tools to access sensitive files and collect data, leading to extensive credential theft for phishing purposes. A list of 67,000 exposed URLs is being sold online. ### Meeting … Read more
October 22, 2024 at 12:31PM Lumma Stealer has launched a campaign using malicious CAPTCHA pages to prompt malware downloads. This malware aims to steal sensitive data. Researchers emphasize the need for security teams to adopt continuous monitoring and adapt defenses against evolving threats like Lumma Stealer, using a multilayered approach for effective protection. ### Meeting … Read more