Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks
A security vendor's recent analysis of Rockwell Automation's programmable logic controller (PLC) platform has uncovered two serious vulnerabilities that give attackers a way to modify automation processes and potentially...
Nation-State Hackers Ramp Up Ukraine War-Themed Attacks
The Belarus-based operator of an organized and ongoing disinformation campaign in Europe called "Ghostwriter" is using a new, hard-to-detect phishing technique to target organizations in Ukraine just days after...
Zero-Day Vulnerability Discovered in Java Spring Framework
A zero-day vulnerability found in the popular Java Web application development framework Spring likely puts a wide variety of Web apps at risk of remote attack, security researchers disclosed on March 30.
The vulnerability —...
Cybercriminals Fighting Over Cloud Workloads for Cryptomining
Threat actors are compromising cloud accounts in order to create distributed workloads for cryptomining — compromising misconfigured and vulnerable cloud instances for executing distributed denial-of-service (DDoS) attacks and abusing trial accounts from...
Log4j Attacks Continue Unabated Against VMware Horizon Servers
VMware Horizon servers — which many organizations are using to enable secure anywhere, anytime access to enterprise apps for remote workers — continue to be a popular target for...
Indictment of Russian National Offers Glimpse Into Methodical Targeting of Energy Firm
A 2021 indictment that was unsealed this week against a Russian national for allegedly attacking an oil refinery in Saudi Arabia in 2017 has provided a glimpse into the...
Toby Lewis of Darktrace on Enhancing Cybersecurity With AI
With the rise of the cloud and remote work, the old model of a fortified corporate network you could protect from outside attack has crumbled. The perimeter has stretched...
Okta Says 366 Customers Impacted via Third-Party Breach
A late January 2022 security incident at Okta that its executives only a day ago described as an unsuccessful attempt to compromise the account of a third-party support engineer...
Ransomware Group Claims Major Okta Breach
A ransomware group's claims this week that it had stolen source code from Microsoft and had — at least at one point — gained control of a superuser account...
‘Unique Attack Chain’ Drops Backdoor in New Phishing Campaign
An unknown and likely advanced threat actor is using a novel combination of open source tools, steganography, and a detection bypass technique to attack government agencies, real estate companies,...
