Security News

A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT). Cybersecurity...

What do basketball teams, government agencies, and car manufacturers have in common? Each one has been breached, having confidential, proprietary, or private information stolen and exposed by...

From identifying unusual behavior patterns to detecting unauthorized access, real-time monitoring provides a view of your digital environment, ensuring that threats are spotted and dealt with before they can cause harm. In this Help Net Security video, Costa Tsaousis, CEO of Netdata, discusses what makes real-time monitoring so effective.

Mandiant, a cybersecurity company owned by Google, has revealed the details of a 2022 cyberattack run by Russian threat actor Sandworm. The threat group then accessed the OT environment "through a hypervisor that hosted a Supervisory Control And Data Acquisition management instance for the victim's substation environment," according to Mandiant researchers, who stated the attacker potentially had access to the SCADA system for up to three months.

Criminal IP, a prominent Cyber Threat Intelligence search engine developed by AI SPERA, has recently integrated with Cisco SecureX/XDR, empowering organizations to stay ahead of malicious actors by providing a comprehensive solution for threat intelligence and risk assessment. Cisco is a global leader in technology that delivers innovative software-defined networking, cloud, and security solutions, including secure access, vulnerability management, network segmentation, and threat response.

Digital transformation projects are top of mind for enterprises. 91% of businesses are currently engaged in some form of digital initiative.

Aqua Trivy open-source security scanner now finds Kubernetes security risks
The Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials generation.

Sumo Logic discloses potential breach via compromised AWS credential
Cloud-native big data and security analytics firm Sumo Logic is investigating a potential security incident within their platform, the company revealed on Tuesday.

Gartner describes this as: "A pragmatic, effective and systemic approach to continuously refine cybersecurity optimization priorities. Practices evolve in order to better understand their combined exposure to threats and address gaps in their posture." Another key cybersecurity trend for 2023 and beyond, according to Gartner: cybersecurity platform consolidation.

Atlassian reassessed the severity rating of the recent improper authorization vulnerability in Confluence Data Center and Server, raising the CVSS score from 9.1 to a maximum of 10. In its original advisory, the Aussie-headquartered vendor said exploitation of the vulnerability by an unauthenticated user could lead to "significant data loss." In the recently updated advisory, it conceded an attacker could reset Confluence and create an administrator account.

In interactions with threat intelligence analysts, farnetwork shared valuable details that link them to ransomware operations starting in 2019 and a botnet with access to multiple corporate networks. According to a report Group-IB shared with BleepingComputer, the threat actor has several usernames and has been active on multiple Russian-speaking hacker forums trying to recruit affiliates for various ransomware operations.