On June 23, The Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard Cyber Command (CGCYBER) released a joint Cybersecurity Advisory (CSA) warning network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers.

mr.d0x, a security researcher who previously released phishing tactics such as browser-in-the-browser (BitB) and utilized NoVNC to circumvent two-factor authentication (2FA), has released a new phishing attack method that exploits WebView2 applications to steal cookies and credentials. The code base utilizes a modified version of Microsoft’s WebView2 Samples repository. Microsoft has developed a new module called “Microsoft Edge WebView2 control”.

Malware can come from and in a variety of attack vectors. Besides using ‘traditional’ methods of spreading malware, adversaries can leverage more sophisticated methods to turn your Power System into a ‘malware host’. The key target is your data. Data is valuable, and organisations have paid at least $602 million to ransomware gangs in 2021.

A $10 million reward is being offered for information leading to the identification or location of malicious hackers working with North Korea to launch cyber attacks on US critical infrastructure. The offer comes from the US State Department which is understandably eager to disrupt the activities of hacking gangs linked to foreign governments who may have engaged in espionage, cryptocurrency theft, and other malicious activities.

We are excited to officially announce the launch of the new Tines Story Library - making it easier than ever to unlock the potential for greater business efficiency and more streamlined operations in less time with less effort! The power of no-code automation is now at your fingertips. From interacting with SIEMs to chatbots, case management systems, and more, the Story Library is filled with ready-to-use automation Stories, providing inspiration and digital transformation with just one click.

AI has certainly become the hallmark of digital transformation strategy. According to IDC, global AI spending is forecasted to reach $500 billion in 2024 with a CAGR of 17.5%. Likewise, Gartner predicts low-code application platforms (LCAP), robotic process automation (RPA) and AI are fueling the growth for hyperautomation, and the market will reach $596 billion in 2022, up nearly 24%.

A few months ago, we reported on an interesting site called the Chameleon Phishing Page. These websites have the capability to change their background and logo depending on the user’s domain. The phishing site is stored in IPFS (InterPlanetary File System) and after reviewing the URLs used by the attacker, we noticed an increasing number of phishing emails containing IPFS URLs as their payload.

Threats are becoming more sophisticated and the cybersecurity challenges organizations face are growing. Today, one of the biggest risks is hybrid work. According to a Canalys report, 134 million employees worldwide work remotely or under a hybrid model. As we addressed in our Cybersecurity Insights, extending beyond the company office perimeter makes protection a much greater challenge.

Read also: Digital security giant Entrust hit with ransomware, the US doubles a reward for info on North Korean hackers, and more.

The COVID-19 pandemic has indelibly changed the way we all work. As the world has opened back up and organizations have begun making the return to the office, many employees still want a hybrid work model. In an ideal hybrid working model, employees feel empowered and more productive given the freedom to do their work from any location or device, whenever it’s most convenient. Users need fast, secure access to their data, regardless of where their applications are located.