Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs
Experts urged users to prioritize patches for Microsoft Exchange and Excel, those favorite platforms so frequently targeted by cybercriminals and nation-state actors.
Microsoft reported a total of 55 vulnerabilities, six...
New Android Spyware Poses Pegasus-Like Threat
PhoneSpy already has stolen data and tracked the activity of targets in South Korea, disguising itself as legitimate lifestyle apps.
Researchers discovered new Android spyware that provides similar capabilities to...
12 New Flaws Used in Ransomware Attacks in Q3
The Q3 2021 report revealed a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families compared with Q2 2021.
A dozen new vulnerabilities were used...
Security Tool Guts: How Much Should Customers See?
Yaron Kassner, CTO of Silverfort, delves into the pros and cons of transparency when it comes to cybersecurity tools’ algorithms.
Many cybersecurity tools use engines that calculate risk for...
Zoho Password Manager Flaw Torched by Godzilla Webshell
Researchers have spotted a second, worldwide campaign exploiting the Zoho zero-day: one that’s breached defense, energy and healthcare organizations.
A new campaign is prying apart a known security vulnerability...
Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs
Researchers have uncovered a large, tangled web of infrastructure being used to enable a wide variety of cyberattacks.
Three separate threat groups are all using a common initial access broker...
Beyond the Basics: Tips for Building Advanced Ransomware Resiliency
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.
The rate at which ransomware attacks occur is rapidly increasing....
Native Tribal Casinos Taking Millions in Ransomware Losses
An FBI notification is warning of an uptick in attacks against tribal casinos.
Ransomware groups have made millions off attacks on native tribal casinos in the U.S., just over the...
Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar
The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims’ machines to steal credentials and personal info.
A new Magecart...
US Blacklists Pegasus Spyware Maker
NSO Group plans to fight the trade ban, saying it’s “dismayed” and clinging to the mantra that its tools actually help to prevent terrorism and crime.
NSO Group –...
