What is the status of US, Israel cyberwars?

On June 19, 2022, false rocket-warning sirens were activated in Jerusalem and Eilat, caused by a stunning cyber attack by Iran. Israel’s cyber authorities at the time tried to downplay the hack, which seemed to have significant national security implications. Read More …

First known open-source software attacks on banking sector could kickstart long-running trend

Application security provider Checkmarx has detailed its findings on the first known open-source software (OSS) attacks targeting the banking sector. During the first half of 2023, the firm said its supply chain research team detected several OSS attacks that showcased Read More …

North Korea-backed hackers breached JumpCloud to target cryptocurrency clients

North Korean state-backed hackers breached U.S. enterprise software company JumpCloud to target its cryptocurrency clients, security researchers said on Thursday. JumpCloud, a directory platform that allows enterprises to authenticate, authorize and manage users and devices, said this week that a Read More …

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 CRITICAL). The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and Read More …

DDoS Botnets Target Zyxel Vulnerability CVE-2023-28771

In June 2023, FortiGuard Labs detected the propagation of several DDoS botnets exploiting the Zyxel vulnerability (CVE-2023-28771). This vulnerability is characterized by a command injection flaw affecting multiple firewall models that could potentially allow an unauthorized attacker to execute arbitrary Read More …

FakeSG enters the ‘FakeUpdates’ arena to deliver NetSupport RAT

Over 5 years ago, Malwarebytes researchers began tracking a new campaign that they called FakeUpdates (also known as SocGholish) that used compromised websites to trick users into running a fake browser update. Instead, victims would end up infecting their computers Read More …

Victims of Cyberattack on File-Transfer Tool Pile Up

The list of companies hit by a cyberattack on a widely used software tool continues to expand and several victims have filed lawsuits alleging mishandling of data. The continued disclosure of new victims affected by hackers exploiting a vulnerability in Read More …

North Carolina: Kannapolis didn’t alert public when cyberattack knocked out police dispatch

More than a year ago, a cyberattack knocked out the system used in Kannapolis to dispatch police and firefighters. You wouldn’t know that based on what the city told the public. Read more… Source: Yahoo! News  

Many businesses don’t even know they’ve been hit by a security breach

Many businesses don’t know if they have suffered a data breach, and probably wouldn’t be able to spot such an event at all, due to the ever-expanding threat landscape, and notification fatigue among IT staff, new research has claimed. A Read More …