Is Your Organization Protected Against IAM Misconfiguration Risks?
In the latest edition of the Unit 42 Cloud Threat Report, our researchers explore the cloud threat landscape with a deep focus on identity and access management (IAM) misconfiguration...
3 Simple Techniques to Add Security Into the CI/CD Pipeline
I propose that there are three fundamental and concrete practices DevOps and security teams can adopt to add security into the CI/CD pipeline and secure critical applications, involving:
Infrastructure-as-Code (IaC).
Kubernetes...
Cyberattacks Up, But Companies (Mostly) Succeed in Securing Remote Workforce
Despite fears that the burgeoning population of remote workers would lead to breaches, companies have held their own, a survey of threat analysts finds.Since the onset of the pandemic,...
Critical Zerologon Flaw Exploited in TA505 Attacks
Microsoft reports a new campaign leveraging the critical Zerologon vulnerability just days after nation-state group Mercury was seen using the flaw.Microsoft has observed new threat activity exploiting the critical...
Cybercriminals Abusing Legitimate Windows Programs
Cybercriminals Abuse Built-in Services to Target Windows
Cybercriminals are now abusing inbuilt legitimate services of Windows to perform fileless attacks. Researchers reveal they use spear-phishing emails to spread a zip...
New P2P Botnet Targeting IoT Devices
By: Ravie Lakshmanan
Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency...
Exploit for Firefox 68 on Android Local Area Network SSDP Screencast
Firefox for Android LAN-Based Intent Triggering
Exploit research and development by Chris Moberly (Twitter: @init_string)
Overview
The SSDP engine in Firefox for Android (68.11.0 and below) can be tricked into triggering Android...
Magento Based Stores See Biggest Attack Due to 0day flaw
Well-known cybersecurity expert and founder of Sanguine Security (SanSec) Willem de Groot (Willem de Groot) warned of the largest ever campaign aimed at compromising online stores based on the e-commerce platform...
Zero Day Survival Guide | Everything You Need to Know Before Day One
by SentinelOne
Zero day. Perhaps the most frightening words for any IT leader to hear. For security researchers, zero days are one of the more fascinating topics, the crown jewel of...
Over 61% of Exchange servers vulnerable to CVE-2020-0688 attacks
By Pierluigi Paganini
More than 247,000 Microsoft Exchange servers are still vulnerable to attacks exploiting the CVE-2020-0688 RCE issue impacting Exchange Server.
The CVE-2020-0688 vulnerability resides in the Exchange Control Panel (ECP) component, the root...