Oct
01

Pay What You Want for This Collection of White Hat Hacking Courses

Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new...

Oct
01

State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks...

Oct
01

CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of...

Sep
30

Worried About the Exchange Zero-Day? Here's What to Do

While organizations wait for an official patch for the two zero-day flaws in Microsoft Exchange, they should scan their networks for signs of exploitation and apply these mitigations....

Sep
30

LA School District Ransomware Attackers Now Threaten to Leak Stolen Data

Weeks after it breached the Los Angeles Unified School District, the Vice Society ransomware group is threatening to leak the stolen data, unless they get paid....

Sep
30

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here

It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones....

Sep
30

Cybercriminals See Allure in BEC Attacks Over Ransomware

While ransomware seems stalled, business email compromise (BEC) attacks continue to make profits from the ProxyShell and Log4j vulnerabilities, nearly doubling in the latest quarter....

Sep
30

Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attack

Malicious Comm100 files have been found scattered throughout North America, and across sectors including tech, healthcare, manufacturing, telecom, insurance, and others....

Sep
30

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms....

Sep
30

New Malware Families Found Targeting VMware ESXi Hypervisors

Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection.
Google's Mandiant threat intelligence division referred to it as a...

Sep
30

ESET Research into new attacks by Lazarus – Week in security with Tony Anscombe

The attack involved the first recorded abuse of a security vulnerability in a Dell driver that was patched in May 2021 The post ESET Research into new attacks by Lazarus – Week in security with Tony Anscombe appeared first on WeLiveSecurity

Sep
30

Cyber Attacks Against Middle East Governments Hide Malware in Windows logo

An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments.
Broadcom's Symantec Threat Hunter...