Plug-ins for Code Editors Pose Developer-Security Threat
There are two critical vulnerabilities in plug-ins for the popular Visual Studio Code editor, now patched, but security firm Snyk warns that popular plug-ins could put development environments in...
SolarWinds Attackers Impersonate USAID in Advanced Email Campaign
Microsoft shares the details of a wide-scale malicious email campaign attributed to Nobelium, the group linked to the SolarWinds supply chain attack.The group behind last year's SolarWinds supply chain...
Modern SOCs a ‘Painful’ Challenge Amid Growing Complexity: Report
A new study examines the tools and technologies driving investment and activities for security operations centers.The complexity in managing security operations centers (SOCs) has spiked, survey data shows.
In its...
ExtraHop Explains How Advanced Threats Dominate Threat Landscape
Enterprise VulnerabilitiesFrom DHS/US-CERT's National Vulnerability Database
CVE-2020-15453PUBLISHED: 2021-05-27** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate...
DHS Orders Pipeline Operators to Report Cyberattacks, Review Security Posture
On the heels of the Colonial Pipeline attack, the US Department of Homeland Security aims to force a reticent industry to improve its ability to detect and respond to...
BazaLoader Attackers Create Fake Movie Streaming Site to Trick Victims
The BazaLoader infection chain includes a live call center and "customer service" from criminals, researchers report.The criminals behind a recent malware campaign are using an elaborate infection chain that...
‘Have I Been Pwned’ Code Base Now Open Source
Founder Troy Hunt also announces the platform will receive compromised passwords the FBI finds in its investigations.Have I Been Pwned (HIBP), the free website used by millions to check...
New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks
The Agrius group's focus appears to be Israel and the Middle East.
A likely Iran-backed advanced persistent threat (APT) group has been observed deploying data wiping malware and ransomware attacks...
Devo: SIEM Continues to Evolve with Tech Trends and Emerging Threats
Enterprise VulnerabilitiesFrom DHS/US-CERT's National Vulnerability Database
CVE-2020-22026PUBLISHED: 2021-05-26Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial...
Google Discovers New Rowhammer Attack Technique
Researchers publish the details of a new Rowhammer vulnerability called "Half-Double" that exploits increasingly smaller DRAM chips.Google researchers have published their findings on a new Rowhammer technique that expands...
