Security News

Security from Device to SaaS - securing a SaaS environment isn't enough when it comes to protecting against a breach. SSO does not go far enough, and organizations that take SaaS security seriously must also include MFA security measures.

Credit agency warns weak cybersecurity defenses could hurt a company's credit rating, even before an attack. As cyberattacks and data breaches grow bigger and more frequent, companies that don't build strong cybersecurity defenses may feel a direct financial hit even before hackers show up.

Hackers employ voicemail phishing attacks on WhatsApp users. Hackers are continuing to get more creative when it comes to stealing personal information, and WhatsApp users should be on alert for any suspicious looking emails.

US government officials announced today the disruption of the Cyclops Blink botnet linked to the Russian-backed Sandworm hacking group before it was used in attacks. The malware, used by Sandworm to create this botnet since at least June 2019, is targeting WatchGuard Firebox firewall appliances and multiple ASUS router models.

Remote Access Trojan adds ransomware and DDoS attacks to usual bag of tricks. The Remote Access Trojan, or RAT for short, is a powerful tool among cybercriminals as it allows them to fully access and control a compromised computer or device to steal data or launch additional attacks.

According to Check Point, who compiled the report based on their telemetry data, 37,000 Spring4Shell attacks were detected over the past weekend alone. More specifically, the agency has seen evidence of attacks targeting VMware products, for which the software vendor released security updates and advisories yesterday.

Microsoft said that it's currently tracking a "Low volume of exploit attempts" targeting the critical Spring4Shell remote code execution vulnerability across its cloud services. The Spring4Shell vulnerability impacts the Spring Framework, described as the "Most widely used lightweight open-source framework for Java.".

How phishing attacks are exploiting Russia's invasion of Ukraine. A new round of phishing attacks analyzed by email security provider Tessian aims to steal cryptocurrency under the guise of requesting charitable donations toward the Ukrainian cause.

Trezor recently published a warning against a new phishing campaign targeting its users. Figure A. Once in possession of a list of email addresses belonging only to real Trezor customers, the attackers moved to the next step.

The Computer Emergency Response Team of Ukraine has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon. Armageddon is a Russian state-sponsored threat actor who has been targeting Ukraine since at least 2014 and is considered part of the FSB. According to a detailed technical report published by the Ukrainian secret service in November 2021, Armageddon has launched at least 5,000 cyber-attacks against 1,500 critical entities in the country.