ReversingLabs researchers have identified new, malicious software packages believe to be linked to a campaign, VMConnect, that our team first identified in August 2023 and which has ties to the North Korean hacking team Lazarus Group. The new samples were…
Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia
A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson Palace, indicating an expansion in the scope of the espionage effort. Cybersecurity…
Improving Operational Efficiencies and Providing Tighter Integrations with Cisco Security Products
Secure Network Analytics 7.5.1 is now available. This release provides features including expanded firewall log ingestion, custom dashboards, better ISE integration, and much more. This article has been indexed from Cisco Blogs Read the original article: Improving Operational Efficiencies and…
Poland thwarted cyberattacks that were carried out by Russia and Belarus
Poland ‘s security officials announced that they successfully thwarted cyberattacks that were carried out by Russia and Belarus. Poland security services announced they have thwarted a cyber operation orchestrated by Russia and Belarus, aimed at destabilizing the country, according to…
Darkhive Raises $21 Million for Drones, Secure Code Delivery System
Drone maker Darkhive has raised $21 million in a round led by cybersecurity-focused venture capital firm Ten Eleven. The post Darkhive Raises $21 Million for Drones, Secure Code Delivery System appeared first on SecurityWeek. This article has been indexed from…
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming it is being actively exploited by attackers. Though the…
Chinese APT Group Abuses Visual Studio Code to Target Government in Asia
Chinese APT group Stately Taurus exploited Visual Studio Code to target government entities in Southeast Asia for cyberespionage. They utilized the software’s reverse shell feature to infiltrate networks, a technique first detected in 2023. This article has been indexed from…
New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the “audio gap” and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen. “Malware in the air-gap and…
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to…
New Chrome Zero-Day
According to Microsoft researchers, North Korean hackers have been using a Chrome zero-day exploit to steal cryptocurrency. This article has been indexed from Schneier on Security Read the original article: New Chrome Zero-Day
Risk Assessment and Gap Analysis for Industrial Control System infrastructure: the core essentials
Conducting a risk assessment and gap analysis exercise for Industrial Control System environments is important from cybersecurity, business continuity, and risk mitigation perspectives. It is important to bring the risk exposure down to acceptable levels and minimize the risk tolerance…
Looking Toward U.S. Federal Privacy Regulation, How Software Companies can Prepare
Software developers, as key players in the digital ecosystem, must proactively adapt to these changes to ensure compliance and uphold the privacy rights of users. The post Looking Toward U.S. Federal Privacy Regulation, How Software Companies can Prepare appeared first…