Many ZTNA, MFA Tools Offer Little Protection Against Cookie Session Hijacking Attacks
Many of the tools that organizations are deploying to isolate Internet traffic from the internal network — such as multifactor authentication, zero-trust network access, SSO, and identity provider services...
Software Development Pipelines Offer Cybercriminals ‘Free-Range’ Access to Cloud, On-Prem
Continuous integration/continuous development (CI/CD) pipelines may be the most dangerous potential attack surface of the software supply chain, researchers say, as cyberattackers step up their interest in probing for...
Russia-Ukraine Conflict Holds Cyberwar Lessons
The online attacks against infrastructure and information operations used by both sides in the conflict between Russia and Ukraine fulfill the definition of cyberwar and hold lessons for governments...
10 Malicious Code Packages Slither into PyPI Registry
Administrators of the Python Package Index (PyPI) have removed 10 malicious software code packages from the registry after a security vendor informed them about the issue.The incident is the latest...
Fresh RapperBot Malware Variant Brute-Forces Its Way Into SSH Servers
Tracked by analysts since mid-June, RapperBot malware has spread through brute-force attacks on SSH servers. The IoT botnet targets devices running on ARM, MIPS, SCARC, and x86 architectures, researchers...
Stolen Data Gives Attackers Advantage Against Text-Based 2FA
Companies that rely on texts for a second factor of authentication are putting about 20% of their customers at risk because the information necessary to attack the system is available in...
A Ransomware Explosion Fosters Thriving Dark Web Ecosystem
The underground economy is booming — fomented by a surging and evolving ransomware sector. The Dark Web now has hundreds of thriving marketplaces where a wide variety of professional ransomware products and services...
Genesis IAB Market Brings Polish to the Dark Web
The growing role of so-called initial access brokers (IABs) in the underground cybercrime economy is reflected in evolution of Genesis Marketplace, one of the earliest full-fledged markets for IABs,...
Time to Patch VMware Products Against a Critical New Vulnerability
Several VMware products need to be patched against a critical flaw that would allow authentication bypass for on-premises implementations.
The latest VMware bug is being tracked under CVE-2022-31656 and has a CVSSv3 base...
Massive China-Linked Disinformation Campaign Taps PR Firm for Help
A fake-news influence campaign based in China is leveraging at least 72 inauthentic news sites to push content strategically aligned with the political interests of the People's Republic of...