Security News
Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process,...
OAuth is an especially appealing target for criminals in cases where compromised accounts don't have strong authentication in place, and user permissions allow them to create or modify OAuth applications. Microsoft, in a threat intel report, details one cyber crime crew it tracks as Storm-1283 that used a compromised account to create an OAuth application and deploy VMs for crypto mining, while also racking up between $10,000 and $1.5 million in Azure compute fees.
Threat actors affiliated with the Russian Foreign Intelligence Service (SVR) have targeted unpatched JetBrains TeamCity servers in widespread attacks since September 2023. The activity has been...
Attackers are trying to leverage public proof-of-exploit exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. "Attackers aim to deploy webshells, with some cases targeting the parameter 'fileFileName' - a deviation from the original exploit PoC," Akamai's Security Intelligence Group flagged on Wednesday.
Karakurt, a particularly nasty extortion gang that uses "Extensive harassment" to pressure victims into handing over millions of dollars in ransom payments after compromising their IT infrastructure, pose a "Significant challenge" for network defenders, we're told. So to help organizations avoid getting caught by this crew, the FBI, and the US government's Cybersecurity and Infrastructure Security Agency, Treasury Department, and Financial Crimes Enforcement Network released an extensive list of vulnerabilities and methods the gang exploits and uses for initial access, the software tools they abuse to snoop around and steal data, and the payment wallets and even email addresses used in the group's extortion attacks.
Microsoft disrupted an alleged threat actor group that built viable cybercrime-as-a-service businesses. Dubbed Storm-1152 by Microsoft, the group bilked enterprises and consumers globally out of millions of dollars.
Webinar Whether you are considering a career in cyber security or you already work in the industry, the 2023 SANS Holiday Hack Challenge is a great way of combining festive fun and learning. Who knows, the skills you acquire this holiday season might even help you foil a nefarious hacker at Yuletide next year.
GuardRail OSS is an open-source project delivering practical guardrails to ensure responsible AI development and deployment. GuardRail OSS offers an API-driven framework for advanced data analysis, bias mitigation, sentiment analysis, content classification, and oversight tailored to an organization's specific AI needs.
A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least...
Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a...