‘Sliver’ Emerges as Cobalt Strike Alternative for Malicious C2
Enterprise security teams, which over the years have honed their ability to detect the use of Cobalt Strike by adversaries, may also want to keep an eye out for "Sliver."...
How Threat Actors Are a Click Away From Becoming Quasi-APTs
The first shots fired in the current conflict between Russia and Ukraine were not by firearms, but keystrokes. In this new-age war, the cybersphere is a primary battleground, and...
Chaotic LAPSUS$ Group Goes Quiet, but Threat Likely Persists
The LAPSUS$ extortion group has gone quiet following a notorious and rapid rise through the threat landscape, targeting companies including Microsoft, NVIDIA, and Okta, and earning notoriety for its...
The Metaverse Could Become a Top Avenue for Cyberattacks in 2023
A combination of maturing and emerging consumer-facing cyber threats could add to the many challenges that enterprise security teams will need to contend with in 2023.Researchers at Kaspersky, looking...
1,000s of Phishing Attacks Blast Off From InterPlanetary File System
The distributed, peer-to-peer (P2P) InterPlanetary File System (IPFS) has become a hotbed of phishing-site storage: Thousands of emails containing phishing URLs utilizing IPFS are showing up in corporate inboxes.
According to a...
MacOS Zero-Day Used in Watering-Hole Attacks
Apple fixed a zero-day vulnerability in September after being notified that attackers had used the security issue in macOS Catalina — along with a previously known vulnerability — to...
More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic
Organizations that have not implemented controls for detecting malware hidden in encrypted network traffic are at risk of having a vast majority of malicious tools being distributed in the...
Sophos Research Uncovers Widespread Use of TLS By Cybercriminals
Enterprise VulnerabilitiesFrom DHS/US-CERT's National Vulnerability Database
CVE-2021-30108PUBLISHED: 2021-05-24Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url,...
Trickbot Comes Up With a New Set of Tricks
More than a year after technology companies, financial firms, and law enforcement attempted to take down the Trickbot botnet, the group behind the malware seems to be retiring the...
Microsoft CISO Shares Remote Work Obstacles & Lessons Learned
Bret Arsenault explains changes he implemented along the way as Microsoft's workforce went from 20% to 97% remote.Organizations around the world were forced to shut down their offices and...