Security News
A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May...
An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident...
AI deepfakes were not on the risk radar of organisations just a short time ago, but in 2024, they are rising up the ranks. Aon's Global Risk Management Survey, for example, does not mention it, though organisations are concerned about business interruption or damage to their brand and reputation, which could be caused by AI. Huber said the risk of AI deepfakes is still emergent, and it is morphing as change in AI happens at a fast rate.
Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service attacks, crashing web servers with a single TCP connection in some implementations. HTTP/2 is an update to the HTTP protocol standardized in 2015, designed to improve web performance by introducing binary framing for efficient data transmission, multiplexing to allow multiple requests and responses over a single connection, and header compression to reduce overhead. The new CONTINUATION Flood vulnerabilities were discovered by researcher Barket Nowotarski, who says that it relates to the use of HTTP/2 CONTINUATION frames, which are not properly limited or checked in many implementations of the protocol.
Ivanti has committed to adopting a secure-by-design approach to security as it gears up for an organizational overhaul in response to the multiple vulnerabilities in Connect Secure exploited earlier this year. CEO Jeff Abbott penned an open letter to Ivanti's customers and partners this week, saying "Events in recent months have been humbling," before detailing the various changes Ivanti plans to make.
New research from cyber security firm Rapid7 has shown the ransomware attacks that IT and security professionals are up against in APAC are far from uniform, and they would be better off tapping intelligence that sheds light on attack trends in their specific jurisdiction or sector. How ransomware threats in Asia-Pacific differ by jurisdiction and sector.
Texas-based Omni Hotels & Resorts has been responding to a cyberattack that started last Friday, which resulted in the unavailability of many of its IT systems. According to people staying at some of the 50 properties the company operates across Northern America, who took to Reddit to vent and discuss the problem, the outage affected reservation and check-in systems, room key cards, and payment systems.
Today's malware is not just about causing immediate damage; some programs get embedded within systems to siphon off data over time, disrupt operations strategically, or lay the groundwork for massive, coordinated attacks. Read on to get the lowdown on recent high-profile malware attacks along with strategies to help limit malware risks at your organization.
Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure, some of which could also lead to execution of arbitrary code or information disclosure. Three months since attackers started exploiting a string of zero-days in Ivanti Connect Secure and bypassing mitigations for them, the company's CEO has announced they will be accelerating security initiatives and improving security practices.
TL;DR: Through April 7th only, you can get a lifetime subscription to RealVPN for just $16 when you use promo code SECURE20. Hackers and snoops on public networks can gain access to your private information, which is why it's crucial to use a base layer of cybersecurity like a VPN. Fortunately, this week only, you can get a lifetime subscription to RealVPN for just $16 when you use promo code SECURE20.