CISA: KEV Catalog reaches 1000, what does that mean and what have we learned

Every organization is confronted by a common cybersecurity challenge: there are too many vulnerabilities in technology products. This makes it difficult to prioritize limited resources – with over 25,000 new vulnerabilities released in 2022 alone, where should an organization begin? Read More …

One of the FBI’s most wanted hackers is trolling the U.S. government

Earlier this year, the U.S. government indicted Russian hacker Mikhail Matveev, also known by his online monikers “Wazawaka” and “Boriselcin,” accusing him of being “a prolific ransomware affiliate” who carried out “significant attacks” against companies and critical infrastructure in the Read More …

Latest evolution of ‘pig butchering’ scam lures victim into fake mining scheme

Crypto fraud has become the dominant form of Internet-based confidence schemes over the past three years, as demonstrated by the sha zhu pan (“pig butchering”) scams Sophos researchers recently investigated. But one variant has been growing at a particularly rapid Read More …

Microsoft AI researchers accidentally exposed terabytes of internal sensitive data

Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords, while publishing a storage bucket of open source training data on GitHub. In research shared with TechCrunch, cloud security startup Wiz said it discovered Read More …

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-22265 Samsung Mobile Devices Use-After-Free Vulnerability CVE-2014-8361 Realtek SDK Improper Input Validation Vulnerability CVE-2017-6884 Zyxel EMG2926 Routers Command Injection Vulnerability Read more… Read More …

HWL Ebsworth hack: 65 Australian government agencies affected by cyber-attack

Sixty-five Australian government departments and agencies were victims of the cyber-attack on legal firm HWL Ebsworth, the national cybersecurity coordinator has revealed. In a speech on Monday, Air Marshal Darren Goldie also revealed that some people and clients with personal information Read More …

Kuwait’s finance ministry says cyberattack hit one of its systems

Kuwait’s finance ministry said on Monday that one of its systems had suffered a cyberattack in the early morning but that the ministry continued to work normally. The ministry said in a statement that protection systems and procedures had been Read More …

Cyber attacks and dozy drivers: These are the future risks of self-driving cars

“A large cyber-terrorist attack targeting the operating systems of many self-driving vehicles simultaneously could cause mass casualties” – that is the alarming scenario presented by MPs after their investigation into autonomous cars on British roads. After a 15-month enquiry, the Read More …

China becomes main victim of advanced persistent threat attacks: Ministry of State Security

According to the Ministry of State Security on Saturday which is the 23rd National Defense Education Day, China has become the main victim of advanced persistent threat (APT) attacks, adding that cyberspace has become an important battleground for foreign intelligence Read More …

UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety

UNC3944 is a financially motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smishing) to obtain credentials to gain and escalate access to victim organizations. At least some UNC3944 threat actors appear to operate in Read More …