Microsoft Warns of ‘FoggyWeb’ Malware Targeting AD FS Servers
The attack group Microsoft tracks as Nobelium is using a new post-exploitation backdoor capable of stealing sensitive data from a compromised Active Directory Federation Services (AD FS) server, the...
Microsoft Adds Emergency Threat Mitigation to Its Exchange Server Software
Microsoft has baked a new threat mitigation feature into Exchange Server that will roll out this week as part of its September 2021 cumulative update to the software platform.
The new Emergency Mitigation...
CISA: Wide Exploitation of New VMware vCenter Server Flaw Likely
Organizations using VMware's vCenter Server that haven't yet applied a patch for a recently disclosed arbitrary file upload vulnerability in the management utility (CVE-2021-22005) are at heightened risk of...
TangleBot Campaign Underscores SMS Threat
A malware campaign targeting Android devices in the United States and Canada with convincing text messages and links that lead to a downloader has highlighted the danger from SMS...
Supply Chain and Ransomware Threats Drove 60% Increase in Global Cyber Intelligence Sharing Among...
Reston, VA, (23 September, 2021) - FS-ISAC, the only global cyber intelligence sharing community solely focused on financial services, announced today that global cyber intelligence sharing among its member...
SAIC Appoints Kevin Brown as Chief Information Security Officer
RESTON, Va.--(BUSINESS WIRE)--Science Applications International Corp. (NYSE: SAIC) today announced that Kevin Brown has joined the company as chief information security officer (CISO). In this role, Brown leads the...
FamousSparrow APT Group Flocks to Hotels, Governments, Businesses
A cyberespionage group dubbed FamousSparrow is targeting hotels, governments, and private businesses around the world, leveraging the ProxyLogon Microsoft Exchange Server vulnerability along with its own custom backdoor, SparrowDoor.
ESET...
NIST Brings Threat Modeling into the Spotlight
One noteworthy element of the National Institute of Standards and Technology's recent Recommended Minimum Standard for Vendor or Developer Verification of Code is the prominence given to threat modeling, which is...
Apple Patches Zero-Days in iOS, Known Vuln in macOS
Apple today released security updates for three vulnerabilities in iOS and one flaw in macOS Catalina. Two of the iOS flaws may have been actively exploited, while exploits for...
Who Is BlackMatter?
If you hadn't heard of BlackMatter before this week, you now likely know it as the group linked to a recent ransomware attack against Iowa-based farm services provider New...
