Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials
Thousands of Microsoft 365 credentials have been discovered stored in plaintext on phishing servers, as part of an unusual, targeted credential-harvesting campaign against real estate professionals. The attacks showcase...
US OMB releases guidance on federal agency software security requirements
Earlier this week, Chris DeRusha, federal CISO and deputy national cyber director in the White House, announced the release of Office of Management and Budget (OMB) guidance to ensure...
Malware on Pirated Content Sites a Major WFH Risk for Enterprises
The conventional wisdom about there being no such thing as a free lunch appears to be especially true for those visiting websites offering "free" (read: pirated) movies, TV shows,...
Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government
Iranian threat actors have been on the radar and in the crosshairs of the US government and security researchers alike this month with what appears to be a ramp-up...
U.S. government issues guidance for developers to secure the software supply chain: Key takeaways
Software supply chain attacks are on the rise, as cited in the Cloud Native Computing Foundation’s (CNCF’s) Catalog of Supply Chain Compromises. Industry leaders such as the Google, Linux...
Cyberattacks Are Now Increasingly Hands-On, Break Out More Quickly
Attackers are increasingly taking a hands-on approach to network intrusions, usually avoiding using malware; they have also reduced the time it takes to move from an initial compromise to...
To Ease the Cybersecurity Worker Shortage, Broaden the Candidate Pipeline
I've been in the tech industry for 25 years, almost all in cybersecurity. I've held security leadership positions for well over a decade, including the 18 months as head...
SparklingGoblin Updates Linux Version of SideWalk Backdoor in Ongoing Cyber Campaign
A new Linux version of the SideWalk backdoor has been deployed against a Hong Kong university in a persistent attack that's compromised multiple servers key to the institution's network...
AutoRabit launches devsecops tool for Salesforce environments
Devsecops firm AutoRabit is trying to address security issues arising from policy changes and misconfigurations in Salesforce environments with a new offering, CodeScan Shield.CodeScan Shield is the next iteration...
Attackers Can Compromise Most Cloud Data in Just 3 Steps
Companies and their cloud providers often leave vulnerabilities open in their system and services, gifting attackers with an easy path to gain access to critical data.
According to an Orca Security analysis...
