Latest News

How to stay safe online as a journalist

The internet has become a crucial part of how journalists discover what’s happening around the world and share their findings with the public. It’s an invaluable tool that also poses a number of risks. If you’re a member of the press, you might be worried about, or have already experienced, criminals trying to hijack your accounts, governments attempting to monitor your online activity, or trolls harassing you on social media.

Weekly Cyber Security News 06/05/2022

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. If you happen to have some switches by Aruba and Avaya that are accessible on the Internet, you might want to patch them like now. There happens to be a trivial exploit allowing take over…

One Year Later: What We Have Learned from the Colonial Pipeline Attack

As we approach the one-year anniversary of the Colonial Pipeline ransomware attack, it is an excellent time to reflect upon what took place and how that incident can serve as a teaching point for any organization interested in preventing a ransomware attack. First, here is a quick refresher on what transpired.

Emotet: New Delivery Mechanism to Bypass VBA Protection

Emotet started as a banking trojan in 2014 and later evolved into what has been considered the world’s most dangerous malware by Europol, often used throughout the world to deliver many different threats, including TrickBot. In October 2020, Netskope analyzed an Emotet campaign that was using PowerShell and WMI within malicious Office documents to deliver its payload. Later in 2021, we also spotted new delivery mechanisms being used, including squiblytwo.

Deep dive on the BLISTER loader

Yesterday, the Elastic Security Research Team released a detailed report outlining technical details regarding the BLISTER launcher, a sophisticated campaign that we uncovered in December 2021. This latest release continues on research we’ve developed while observing the campaign over the last few months — specifically pertaining to the technical details of how the group behind this payload is able to stay under the radar and evade detection for many new samples identified.

Coded for Safety

Ready to secure government applications? Start with Zero Trust. Trust is the foundation of successful relationships. We want to trust our friends, companies, government, etc., and be trusted in return. But, sometimes mistrust better serves us. A few years ago, the cyber world adopted an approach to security known as trust-but-verify. A simplistic approach, it delivered innovative digital services to consumers – securely and efficiently.

Featured Post

World Password Day - The password's time has passed

Some 90% of security breaches can be avoided by using multi-factor authentication (MFA). Yet most enterprises still rely only on usernames and passwords - and avoid other strong second-factor authentication methods - to make user sign-on both safe and convenient. Our addiction to passwords seems to be a long-standing issue. In order to stay secure, users have to make passwords complicated, only to spend time remembering and then forgetting them, which has resulted in more IT support.

How Falcon OverWatch Spots Destructive Threats in MITRE Adversary Emulation

In the recent MITRE Engenuity ATT&CK Enterprise Evaluation, CrowdStrike demonstrated the power of its unified platform approach to stopping breaches. Facing attack emulations from the highly sophisticated WIZARD SPIDER and VOODOO BEAR (Sandworm Team) adversaries, the CrowdStrike Falcon® platform: The results show that CrowdStrike stands alone in providing a unified approach to stopping adversaries from progressing attacks.