Pay What You Want for This Collection of White Hat Hacking Courses
Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new...
State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations
Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks...
CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of...
Worried About the Exchange Zero-Day? Here's What to Do
While organizations wait for an official patch for the two zero-day flaws in Microsoft Exchange, they should scan their networks for signs of exploitation and apply these mitigations....
LA School District Ransomware Attackers Now Threaten to Leak Stolen Data
Weeks after it breached the Los Angeles Unified School District, the Vice Society ransomware group is threatening to leak the stolen data, unless they get paid....
Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here
It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones....
Cybercriminals See Allure in BEC Attacks Over Ransomware
While ransomware seems stalled, business email compromise (BEC) attacks continue to make profits from the ProxyShell and Log4j vulnerabilities, nearly doubling in the latest quarter....
Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attack
Malicious Comm100 files have been found scattered throughout North America, and across sectors including tech, healthcare, manufacturing, telecom, insurance, and others....
Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet
The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms....
New Malware Families Found Targeting VMware ESXi Hypervisors
Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection.
Google's Mandiant threat intelligence division referred to it as a...
ESET Research into new attacks by Lazarus – Week in security with Tony Anscombe
The attack involved the first recorded abuse of a security vulnerability in a Dell driver that was patched in May 2021 The post ESET Research into new attacks by Lazarus – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Cyber Attacks Against Middle East Governments Hide Malware in Windows logo
An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments.
Broadcom's Symantec Threat Hunter...