A newly discovered spyware tool named MerkSpy is targeting users in Canada, India, Poland, and the U.S., exploiting a patched security flaw in Microsoft MSHTML. This campaign, identified by Foresiet researchers, highlights the critical need for vigilant cybersecurity practices, including stolen credentials detection, darknet monitoring services, and digital footprint analysis. Attack Overview The attack begins with a Microsoft Word document disguised as a job description for a software engineer.

A high-severity remote code execution (RCE) vulnerability, CVE-2024-6387, has been discovered in OpenSSH’s server by the Qualys research team. This vulnerability is particularly concerning as it revives an issue that was previously addressed in 2006, highlighting the persistence of hidden bugs in widely used secure software. This discovery follows another significant vulnerability in the XZ Utils library found just a few months ago, underscoring ongoing security challenges.

Nowadays, financial organizations rely heavily on information and communication technology (ICT) to support remote operations. While ICT enhances operational efficiency and customer experience, it significantly increases cybersecurity risks in the financial sector. To mitigate cybersecurity risks related to ICT, the European Union (EU) has developed a specific regulation: the Digital Operational Resilience Act.

In today's digital age, where cyberattacks are multiplying rapidly, understanding the threat landscape is essential for the survival of organizations. It is clear that cybercriminals are not resting on their laurels and are constantly developing new strategies. This forces businesses to stay ahead of the curve to protect their digital assets. Companies need to be aware of the most common cybersecurity threats and the appropriate protection measures to ensure the security of their sensitive information.

Following the kick-off of the UEFA EUROs 2024 in Germany, Egress’ Threat Intelligence team has observed a massive spike in Euros-related phishing attacks, recording 7,000 unique campaigns with over 24,000 individual attacks since June 17th, 2024. These attacks are more sophisticated than you might expect, with many attackers choosing to impersonate businesses associated with the tournament rather than impersonating UEFA directly.

Blockchain technology, renowned for its decentralized and immutable nature, promises enhanced security for various applications. However, like any technology, it is not without vulnerabilities. This in-depth examination explores the security aspects of blockchain, identifies common vulnerabilities, and outlines the measures needed to secure blockchain applications effectively.

Held in Breda, Netherlands, this year’s Cyber Resilience Day convened industry leaders and cybersecurity experts to address the topic of supply chain attacks and the latest digital threats. The event showcased a series of keynote speeches, panel discussions, and interactive workshops, equipping attendees with valuable insights and actionable strategies to strengthen their organizations’ cyber resilience.

Modern cybercriminals aren’t just after your average employee. They’re targeting DevOps engineers – the gatekeepers of critical infrastructure and valuable data. 90% of data breaches start with phishing. Traditional awareness training often needs more technical depth. These programs tend to focus on generic red flags (e.g., suspicious links and requests for sensitive information) that are easily recognized by most.

SASE is all about strategically solving business problems. The systematic removal of technology barriers standing in the way of business outcomes. It is a brand new “how” (platform) for a well-known “what” (features). When we started Cato in 2015, we were immersed in skepticism. Can you actually build a cloud network that will replace MPLS circuits with decades of proven reliability?

All Surface Monitoring users can configure Attack Surface Policies directly from the new Domains page, enabling various combinations of characteristics that were previously unavailable. Users are now alerted when policy breaches occur directly through their integrated tools, such as Slack and Jira.