Iranian Hacking Group Among Those Exploiting Recently Disclosed VMware RCE Flaw
An Iranian cyber espionage group that some vendors track as Rocket Kitten has begun exploiting a recently patched critical vulnerability in VMware Workspace ONE Access/Identity Manager technology to deliver...
Cyber Conflict Overshadowed a Major Government Ransomware Alert
As the cyber dimension of the Ukraine conflict erupted, demonstrating the ungoverned and unstable nature of full-on cyberwar, a parallel ransomware alert from the US government got comparatively scant...
API Attacks Soar Amid the Growing Application Surface Area
Driven by the popularity of agile development, the usage of Web application programming interfaces (APIs) has increased dramatically, leaving software-focused companies with larger, and more vulnerable, attack surfaces that...
Log4j Attack Surface Remains Massive
Attackers who want to exploit the critical remote code execution vulnerability disclosed in the Apache Log4j logging tool over four months ago still have a vast array of targets...
Tenable’s Bit Discovery Buy Underscores Demand for Deeper Visibility of IT Assets
Vulnerability and cybersecurity assessment firm Tenable announced on Tuesday plans to acquire 4-year-old startup Bit Discovery, becoming the latest company to acquire an attack-surface management business in the past...
Chinese APT Bronze President Mounts Spy Campaign on Russian Military
China's tacit support for Russia's war in Ukraine apparently doesn't preclude likely China-backed cyber actors from mounting espionage campaigns on the Russian military.
Researchers from Secureworks' Counter Threat Unit this...
Microsoft: Russia Using Cyberattacks in Coordination With Military Invasion of Ukraine
In apparent orchestrated coordination with military operations against Ukraine, six Russian state-supported threat actors have targeted civilian infrastructure inside the country with more than 237 individual cyber operations, according to...
Bumblebee Malware Buzzes Into Cyberattack Fray
At least three separate waves of cyberattacks are underway that feature a sophisticated new malware loader dubbed Bumblebee that fetches shell code and second-stage tools, such as Cobalt Strike, Sliver, and...
The Ransomware Crisis Deepens, While Data Recovery Stalls
When it comes to ransomware, more companies are seeing attacks and have had data encrypted, according to research out this week. And even though more companies are backing up...
Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack
Network attached storage (NAS) device vendors QNAP and Synology this week disclosed multiple critical vulnerabilities in an open source fileserver technology integrated into their products.
The vulnerabilities — several of...
