Security News

Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors
2023-10-09 03:15

A Gaza-based threat actor has been linked to a series of cyber attacks aimed at Israeli private-sector energy, defense, and telecommunications organizations. Microsoft, which revealed details of...

CISA reveals 'Admin123' as top security threat in cyber sloppiness chart
2023-10-06 18:42

The US Cybersecurity and Infrastructure Security Agency and the National Security Agency are blaming unchanged default credentials as the prime security misconfiguration that leads to cyberattacks. The misconfigurations in the CSA illustrate a trend of systemic weaknesses in many large organizations, including those with mature cyber postures, and highlights the importance of software manufacturers embracing secure-by-design principles to reduce the burden on network defenders.

QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks
2023-10-05 13:18

Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of...

New BunnyLoader threat emerges as a feature-rich malware-as-a-service
2023-10-02 19:59

The malware is under rapid development, with updates adding new features and bug fixes. Researchers at cloud security company Zscaler note that BunnyLoader is quickly becoming popular among cybercriminals as a feature-rich malware available for a low price.

BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
2023-10-02 05:31

Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground. "BunnyLoader provides...

VMware users anxious about costs and ransomware threats
2023-09-29 04:30

VMware customers have growing concerns about the state of the virtualization software and the company behind it - ranging from rising licensing costs, ransomware vulnerabilities and a diminishing quality of support, according to VergeIO. 84% of respondents indicated that they were concerned about VMware's current and future costs, with many highlighting "Per-core" renewal quotes and licensing agreements that require a commitment to year-over-year spending increases as additional points of distress. With a rise in ransomware attacks exploiting specific VMware vulnerabilities, 77% of customers worried about their data resiliency.

China's national security minister rates fake news among most pressing cyber threats
2023-09-28 03:58

Chinese minister for national security Chen Yixin has penned an article rating the digital risks his country faces and rated network security incidents as the most realistic source of harm to the Chinternet - both in terms of attacks and the dissemination of fake news. The article appeared in China Cyberspace, the official organ of regulator the Cyberspace Administration of China.

Is your identity safe? Exploring the gaps in threat protection
2023-09-27 04:00

A recent study from Silverfort has identified the identity attack surface as today's most substantial weakness in cybersecurity resilience. Traditional approaches, such as MFA and PAM, have notable limitations that can lead to the exploitation of stolen credentials.

Threat Report: High Tech Industry targeted the most with 46% of attack traffic tagged by NLX
2023-09-26 10:32

How To Use This Report Enhance situational awareness of techniques used by threat actors Identify potential attacks targeting your industry Gain insights to help improve and accelerate your...

Are developers giving enough thought to prompt injection threats when building code?
2023-09-26 05:30

This overlooked vulnerability is no trivial matter, and it raises the critical question: Are we doing enough to insulate our code and applications from the risks of prompt injection? Prompt injection is an insidious technique where attackers introduce malicious commands into the free text input that controls an LLM. By doing so, they can force the model into performing unintended and malicious actions.