Cryptojacking group TeamTNT is leveraging compromised Amazon Web Services credentials to attack its cloud environments through the platform’s API, according to researchers from Unit 42 at Palo Alto Networks.
Microsoft's June Patch Tuesday contained patches for six zero-day vulnerabilities being exploited in the wild, including two flaws detected by Kaspersky that were being exploited by a new threat group named PuzzleMaker.
Researchers have uncovered an ongoing campaign by a Chinese advanced persistent threat group that has spent the last three years testing and refining a custom backdoor in its arsenal to conduct espionage campaigns targeting governments in Southeast Asia.
Security researchers have identified two vulnerabilities in the Joomla content management system that can be chained together for complete compromise of the network, a report by security firm Fortbridge finds.
Content delivery network Fastly says its global outage on Tuesday was caused by an unanticipated software bug, which it has now patched. IT experts caution that content delivery networks and other cloud services can become single points of failure if they go down, unless users have resiliency plans.
Researchers at Malwarebytes have uncovered the latest tactics, techniques, and procedures used by the North Korean threat group Kimsuky, also known as Thallium, Black Banshee and Velvet Chollima, as it continues to launch espionage attacks. This time it is using an AppleSeed backdoor.
Weeks after VMware issued patches to address vulnerabilities in its vSphere Client (HTML5), threat intelligence firm Bad Packets says threat actors are mass scanning for vSphere hosts vulnerable to remote code execution.
CISA is preparing to expand its vulnerability research and disclosure program, which is now mandatory for nearly all executive branch agencies, by creating a vulnerability disclosure platform service. As part of this effort, the cybersecurity agency is partnering with Bugcrowd and EnDyna.
Amazon, Google, Spotify and Twitter were among the sites that were unreachable Tuesday morning due to a configuration error at widely used content delivery network Fastly, which said the problem was resolved after about an hour, after which the disruptions would begin to abate.
How cybersecurity and data protection in finance must evolve to meet a new threat landscape
A pandemic year in the wilderness opened up new vulnerabilities in finance, as institutions wrestled with the rush to remote work and new cloud applications. The post-pandemic era has provided little respite, as cybercriminals...
Securing the perimeter has given way to securing the application environment. And with this shift comes a new urgency to inject real-time security solutions in these dynamic new environments.
Download this eBook and learn about:
The challenge of securing dynamic application environments;
The importance of...
The most significant component of President Biden's recently released executive order on cybersecurity is its call for the creation of software life cycle security standards, says Adam Isles, former deputy chief of staff at the U.S. Department of Homeland Security, who offers a complete assessment.
Vulnerabilities in some antivirus software could have enabled attackers to install malware and deactivate anti-ransomware protection to take over software controls, academic researchers say.
Did you miss ESET's Lukas Stefanko presentation on Stalkerware at RSA this year?
It looked at our analysis of dozens of Android stalkerware families, which are often flagged as undesirable or harmful by most mobile security solutions. Many of these apps also exhibit serious security and privacy issues that could...
There's growing momentum around the use of software bills of materials, which allow for automated supply chain risk analysis. Patrick Dwyer of OWASP says that SBOMs and automation mean organizations can make better risk-based decisions on emerging security threats.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.
