Why Is It So Challenging to Go Passwordless?
Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, “If it sounds too…
data breach
data breach
Lazarus Group Uses Fake Coding Tests to Spread Malware
Sep 11, 2024Ravie LakshmananMalware / Software Development Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. “The new samples were tracked to GitHub…
Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws
Sep 11, 2024Ravie LakshmananWindows Security / Vulnerability Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024.…
Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
Sep 11, 2024Ravie LakshmananEnterprise Security / Vulnerability Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description…
London’s transit agency drops claim it has ‘no evidence’ of customer data theft after hack
The cyberattack hitting Transport for London (TfL), the government body that runs the U.K. capital’s transit system, is now dragging into its second week. Although the transit system remains operational and unaffected by the cyber…
CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub
The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as…
Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia
Sep 10, 2024Ravie LakshmananMalware / Cyber Espionage A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson…
The Invisible Gateway to SaaS Data Breaches
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team…
New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the “audio gap” and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen.…
Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments
Sep 10, 2024Ravie LakshmananCyber Attack / Malware The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads,…