Hackers Score Nearly $1M at Device-Focused Pwn2Own Contest
Security researchers and hackers demonstrated 63 zero-day vulnerabilities in popular devices at the latest Pwn2Own, exploiting printers from Canon, HP, and Lexmark, and routers and network-attached storage device from...
Security Flaw in Atlassian Products Affecting Multiple Companies
BENGALURU, December 13, 2022 — Researchers at CloudSEK observed that for Atlassian products - Jira, Confluence, and BitBucket, cookies are not invalidated, even if the password is changed, with...
Metaparasites & the Dark Web: Scammers Turn on Their Own
Cybercriminals are often seen as parasites, feeding off a wide swath of victims of every size and stripe. But as it turns out, they've become targets in their own...
Rash of New Ransomware Variants Springs Up in the Wild
Enterprise security teams can add three more ransomware variants to the constantly growing list of ransomware threats for which they need to monitor.The three variants — Vohuk, ScareCrow, and...
TikTok Banned on Govt. Devices; Will Private Sector Follow Suit?
Texas this week become the fifth US state to ban the TikTok app on government-owned devices over concerns about the social media app harvesting sensitive data from user devices...
3 Ways Attackers Bypass Cloud Security
BLACK HAT EUROPE 2022 – London - CoinStomp. Watchdog. Denonia.These cyberattack campaigns are among the most prolific threats today targeting cloud systems — and their ability to evade detection...
Google: Use SLSA Framework for Better Software Security
Organizations should implement the Supply Chain Levels for Software Artifacts (SLSA) framework when building software to ensure better software security and integrity, advocates Google — after the tech giant...
Iranian APT Targets US With Drokbk Spyware via GitHub
A subgroup of the state-backed Iranian threat actor Cobalt Mirage is using a new custom malware dubbed "Drokbk" to attack a variety of US organizations, using GitHub as a...
Report: Air-Gapped Networks Vulnerable to DNS Attacks
Common misconfigurations in how Domain Name System (DNS) is implemented in an enterprise environment can put air-gapped networks and the high-value assets they are aimed at protecting at risk...
