Security startup Cerby debuts with platform to manage shadow IT
Security automation startup Cerby is exiting stealth mode with the public launch of a security platform designed to help companies deal with shadow IT—information technology products that are used...
Harmony offers $1M bounty, but is it big enough?
The Harmony layer-1 blockchain project team has offered a bounty equal to just 1% of the $100 million in crypto stolen from the Horizon Bridge hack last week. Harmony tweeted...
Ethereum liquidity provider XCarnival negotiates return of 50% stolen ETH
XCarnival, a liquidity provider for the Ethereum ecosystem, recovered 1,467 Ether (ETH) just a day after suffering an exploit that drained 3,087 ETH, worth roughly $3.8 million, from the...
Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks
A 18% drop in ransomware attacks in May is probably the result of Conti's shutdown, but the actors are regrouping under other brands, including KaraKurt, Black Byte, Hive, and...
APT Groups Swarming on VMware Servers with Log4Shell
Organizations with public-facing VMware Horizon and Unified Access Gateway (UAG) servers without appropriate Log4Shell mitigations have been under a barrage of attacks from a range of attackers, including state-sponsored...
Open-source software risks persist, according to new reports
Open-source software (OSS) has become a mainstay of most applications, but it has also created security challenges for developers and security teams, challenges that may be overcome by the...
Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft
A China-based advanced persistent threat (APT) actor, active since early 2021, appears to be using ransomware and double-extortion attacks as camouflage for systematic, government-sponsored cyberespionage and intellectual property theft.
In...
MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security
Researchers have uncovered an email-based credential-phishing attack targeting users of MetaMask, a cryptocurrency wallet used to interact with the Ethereum blockchain.
The campaign is directed at Microsoft 365 (formerly Microsoft...
Cyberattackers Abuse QuickBooks Cloud Service in ‘Double-Spear’ Campaign
Cyberattackers are hiding behind the QuickBooks brand to disguise their malicious activity, researchers are warning. The effort is a "double-spear" approach that packs a one-two punch: Stealing phone numbers...
Palo Alto adds out-of-band web application security features to Prisma Cloud
Palo Alto Networks has announced updates to its Prisma Cloud platform with new out-of-band web application and API security (WAAS) features, along with new application visibility capabilities. The vendor...
