Security News > 2024 > February

SolarWinds has patched five remote code execution flaws in its Access Rights Manager solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.Access Rights Manager allows companies to manage and audit access rights across their IT infrastructure to minimize insider threat impact and more.

A passphrase functions as a password, granting you access to a system or application, but instead of a string of random characters, it's a combination of words, numbers and symbols. In this article, we provide examples of passphrases and discuss the different types and best practices for using them for personal or business-related accounts.

Vyacheslav Igorevich Penchukov, 37, pleaded guilty to two counts related to his leadership role in both the Zeus and IcedID malware operations this week, netting millions of dollars in the process. Penchukov first became involved in the Zeus banking trojan as early as May 2009 but was only arrested over a decade later in Geneva, Switzerland in 2022.

Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation. The Alpha ransomware operation emerged in February 2023 but kept a low profile, didn't promote on hacker forums, nor did its operators carry out many attacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)...

Large organizations can contact both LogMeOnce and Bitwarden for curated pricing to get an enterprise-level solution. Feature comparison: LogMeOnce vs. Bitwarden Zero-knowledge principles and overall security.

The North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using YoMix bitcoin mixer to launder stolen proceeds. Some of the largest cryptocurrency theft operations Lazarus conducted in recent years include the March 2022 Ronin Network hack that yielded $625 million, the Harmony Horizon hack in June 2022 that resulted in losses of $100 million, and the July 2023 Alphapo heist from where the hackers pocketed $60 million worth of crypto.

Several companies operating in the cryptocurrency sector are the target of a newly discovered Apple macOS backdoor codenamed RustDoor. RustDoor was first documented by Bitdefender last week,...

The murder of 16-year-old schoolgirl Brianna Ghey has kickstarted a debate around limiting children's access to the dark web in the UK, with experts highlighting the difficulty in achieving this. Ciaran Martin, the National Cyber Security Centre's first CEO and current Oxford University professor, weighed into the discussion on Thursday, saying that there is no single technology-based solution and that there should be a greater focus on the dark web in the country's schools.

In January 2024, an operation dismantled a network of hundreds of SOHO routers controlled by GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit. The Department's court-authorized operation leveraged the Moobot malware to copy and delete stolen and malicious data and files from compromised routers.