Security News
After select US federal agencies tested Microsoft's expanded cloud logging capabilities for six months, Microsoft is now making them available to all agencies using Microsoft Purview Audit - regardless of license tier. Microsoft first announced the expanded cloud logging capabilities in July 2023, after it revealed that Chinese hackers accessed email accounts belonging to 25 organizations and government agencies.
A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH...
In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have...
An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called Konni RAT (aka UpDog)....
The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect, which contains the fixes for the two flaws and other non-security fixes but - more crucially - customers no longer under maintenance can upgrade to it to protect themselves against exploitation.
A cache of stolen document posted to GitHub appears to reveal how a Chinese infosec vendor named I-Soon offers rent-a-hacker services for Beijing. Analysis of the docs by infosec vendor SentinelOne characterizes I-Soon as "a company who competes for low-value hacking contracts from many government agencies."
Since this field has a lot of blanks, it is best to work with trusted experts or outsource the creating and implementing of GenAI practices to someone with expertise in the field. Keep in mind that if an employee uses their personal account for working with ChatGPT, the outcome is their intellectual property, not your company's.
Adversaries increasingly exploit stolen credentials. The report indicates that the average breakout time is down to only 62 minutes from 84 in the previous year.
The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the...
In this Help Net Security video, Tyler Adams, CEO at CertifID, illustrates how the real estate sector needs to invest significant effort in educating consumers and implementing protective measures to safeguard real estate transactions. Recent CertifID research found that median consumer losses in real estate fraud schemes exceeded $70,000 per incident as a result of stolen buyer down payments and seller net proceeds.