Latest news about information security vulnerabilities, threats, incidents and events
Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.
You can get evidence of this fact from the news below.
Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.
-
-
Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments.
Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks...
More details.
Posted on Wed, 05 Feb 2025 18:33:00 +0530
Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.
"This threat group has previously targeted entities...
More details.
Posted on Wed, 05 Feb 2025 18:16:00 +0530
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems.
The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9...
More details.
Posted on Wed, 05 Feb 2025 17:46:00 +0530
Navigating the Future: Key IT Vulnerability Management Trends
As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws...
More details.
Posted on Wed, 05 Feb 2025 16:30:00 +0530
AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks
A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels.
"AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis...
More details.
Posted on Wed, 05 Feb 2025 15:10:00 +0530
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild...
More details.
Posted on Wed, 05 Feb 2025 10:35:00 +0530
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems...
More details.
Posted on Tue, 04 Feb 2025 19:46:00 +0530
Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware.
The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user...
More details.
Posted on Tue, 04 Feb 2025 17:58:00 +0530
North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process...
More details.
Posted on Tue, 04 Feb 2025 17:41:00 +0530
Watch Out For These 8 Cloud Security Shifts in 2025
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud...
More details.
Posted on Tue, 04 Feb 2025 16:30:00 +0530
Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks
Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek's Artificial Intelligence (AI) platform, citing security risks.
"Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," according to a statement released by Taiwan's Ministry of Digital Affairs, per Radio Free Asia...
More details.
Posted on Tue, 04 Feb 2025 15:02:00 +0530
AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions.
The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7...
More details.
Posted on Tue, 04 Feb 2025 14:28:00 +0530
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions...
More details.
Posted on Tue, 04 Feb 2025 10:38:00 +0530
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7...
More details.
Posted on Tue, 04 Feb 2025 10:21:00 +0530
Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks...
More details.
Posted on Tue, 04 Feb 2025 09:59:00 +0530
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.
Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23...
More details.
Posted on Mon, 03 Feb 2025 19:27:00 +0530
PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages
The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security.
"Maintainers can now archive a project to let users know that the project is not expected to receive any more updates," Facundo Tuesca, senior engineer at Trail of Bits, said...
More details.
Posted on Mon, 03 Feb 2025 18:00:00 +0530
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [3 February]
This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in...
More details.
Posted on Mon, 03 Feb 2025 17:29:00 +0530
Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions
Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote.
"Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week...
More details.
Posted on Mon, 03 Feb 2025 17:09:00 +0530
What Is Attack Surface Management?
Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what’s exposed and where attackers are most likely to strike.
With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more important...
More details.
Posted on Mon, 03 Feb 2025 16:30:00 +0530
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer...
More details.
Posted on Mon, 03 Feb 2025 11:00:00 +0530
U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan...
More details.
Posted on Sat, 01 Feb 2025 13:44:00 +0530
BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key
BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key...
More details.
Posted on Sat, 01 Feb 2025 12:10:00 +0530
Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists
Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members.
The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions...
More details.
Posted on Sat, 01 Feb 2025 10:59:00 +0530
Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts
Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials...
More details.
Posted on Sat, 01 Feb 2025 08:52:00 +0530
CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors...
More details.
Posted on Fri, 31 Jan 2025 18:40:00 +0530
Top 5 AI-Powered Social Engineering Attacks
Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software...
More details.
Posted on Fri, 31 Jan 2025 16:45:00 +0530
Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns
Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data...
More details.
Posted on Fri, 31 Jan 2025 16:34:00 +0530
Google Bans 158,000 Malicious Android App Developer Accounts in 2024
Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps...
More details.
Posted on Fri, 31 Jan 2025 16:15:00 +0530
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information...
More details.
Posted on Fri, 31 Jan 2025 11:19:00 +0530
Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations...
More details.
Posted on Thu, 30 Jan 2025 21:55:00 +0530
Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown
An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP.
The effort, which took place between January 28 and 30, 2025, targeted the following domains -
www...
More details.
Posted on Thu, 30 Jan 2025 18:45:00 +0530
Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could have allowed for remote code execution.
The vulnerability, rated a CVSS score of 9...
More details.
Posted on Thu, 30 Jan 2025 18:03:00 +0530
SOC Analysts - Reimagining Their Role Using AI
The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats...
More details.
Posted on Thu, 30 Jan 2025 16:00:00 +0530
DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data...
More details.
Posted on Thu, 30 Jan 2025 15:39:00 +0530
Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances.
"When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week...
More details.
Posted on Thu, 30 Jan 2025 12:51:00 +0530
New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks...
More details.
Posted on Thu, 30 Jan 2025 12:11:00 +0530
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns...
More details.
Posted on Wed, 29 Jan 2025 22:26:00 +0530
AI in Cybersecurity: What's Effective and What’s Not – Insights from 200 Experts
Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity...
More details.
Posted on Wed, 29 Jan 2025 17:16:00 +0530
New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome...
More details.
Posted on Wed, 29 Jan 2025 16:19:00 +0530
How Interlock Ransomware Infects Healthcare Organizations
Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total...
More details.
Posted on Wed, 29 Jan 2025 16:00:00 +0530
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances...
More details.
Posted on Wed, 29 Jan 2025 15:51:00 +0530
UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE...
More details.
Posted on Wed, 29 Jan 2025 11:22:00 +0530
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8...
More details.
Posted on Wed, 29 Jan 2025 10:59:00 +0530
Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild.
"Attackers can leverage this vulnerability...
More details.
Posted on Wed, 29 Jan 2025 10:41:00 +0530
PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany.
The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter...
More details.
Posted on Tue, 28 Jan 2025 22:04:00 +0530
OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking
Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals.
"By exploiting this flaw, attackers...
More details.
Posted on Tue, 28 Jan 2025 19:32:00 +0530
AI SOC Analysts: Propelling SecOps into the future
Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution...
More details.
Posted on Tue, 28 Jan 2025 16:50:00 +0530
Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations
Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar...
More details.
Posted on Tue, 28 Jan 2025 16:31:00 +0530
How Long Does It Take Hackers to Crack Modern Hashing Algorithms?
While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity...
More details.
Posted on Tue, 28 Jan 2025 16:00:00 +0530
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
More details.
Posted on Wed, 31 Aug 2022 12:57:48 +0000
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
More details.
Posted on Tue, 30 Aug 2022 16:00:43 +0000
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
More details.
Posted on Mon, 29 Aug 2022 14:56:19 +0000
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
More details.
Posted on Fri, 26 Aug 2022 16:44:27 +0000
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
More details.
Posted on Thu, 25 Aug 2022 18:47:15 +0000
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
More details.
Posted on Wed, 24 Aug 2022 14:17:04 +0000
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
More details.
Posted on Tue, 23 Aug 2022 13:19:58 +0000
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
More details.
Posted on Mon, 22 Aug 2022 13:59:06 +0000
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
More details.
Posted on Fri, 19 Aug 2022 15:25:56 +0000
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
More details.
Posted on Thu, 18 Aug 2022 14:31:38 +0000
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat ...
More details.
Posted on Fri, 13 Dec 2024 12:04:08 +0000
Zero Trust Architecture
Zero trust security takes an “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
More details.
Posted on Mon, 02 Dec 2024 10:43:16 +0000
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat ...
More details.
Posted on Mon, 02 Dec 2024 07:51:03 +0000
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
More details.
Posted on Fri, 29 Nov 2024 12:53:23 +0000
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
More details.
Posted on Fri, 29 Nov 2024 11:19:32 +0000
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
More details.
Posted on Tue, 26 Nov 2024 07:46:59 +0000
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
More details.
Posted on Mon, 28 Oct 2024 04:57:20 +0000
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
More details.
Posted on Mon, 28 Oct 2024 02:43:18 +0000
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat ...
More details.
Posted on Fri, 25 Oct 2024 03:57:42 +0000
Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to...
More details.
Posted on Thu, 10 Oct 2024 12:22:16 +0000
AI Magic: My Blog, LinkedIn, and a 7-Minute Podcast!
So, here’s something that blew my mind: I decided to test
Google’s NotebookLM AI tool. I casually uploaded the URLs for my LinkedIn
page and my blog, not expecting much more than a basic summary...
More details.
Posted on Mon, 30 Sep 2024 17:01:00 +0000
How I Introduced the Cybersecurity World to a Cold War Hero
If you told me a year ago that I would meet a cold war hero at a birthday
party, I wouldn’t have believed you. And I would be even more skeptical if
you told me she would be an unintimidating, approachable music professor
with an infectious smile...
More details.
Posted on Thu, 30 Jun 2022 00:39:31 +0000
log4shell
UPDATED December 16, 2021
If you are reading this, you likely have heard about Log4Shell, the
December, 2021 critical zero-day remote-code execution vulnerability in the
popular Log4j software library that is developed and maintained by the
Apache Software Foundation...
More details.
Posted on Tue, 14 Dec 2021 18:56:34 +0000
Hacking Humble Bundle
Last year, Humble Bundle teamed up with the great tech publisher, No Starch
Press, to offer deeply discounted hacking ebooks for as little as one
dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks...
More details.
Posted on Tue, 30 Nov 2021 17:11:00 +0000
Cybersecurity Awareness Month 2021
October is Cybersecurity Awareness Month and Breast Cancer Awareness Month.
Since this is a cybersecurity blog, we will focus on cybersecurity but
let’s take a moment to talk about the important topic of breast cancer...
More details.
Posted on Fri, 01 Oct 2021 16:58:53 +0000
Colonial Pipeline: Lessons Learned
The Colonial Pipeline ransomware attack took down the largest fuel pipeline
in the United States and resulted in consumer hoarding of fuel and a
short-term shortage of gasoline on the east coast of the U...
More details.
Posted on Fri, 04 Jun 2021 21:23:00 +0000
President Biden's Cybersecurity Executive Order
Aiming to improve cybersecurity in the United States, President Biden
signed an executive order (EO) on May 12, 2021. Although the EO focuses on
U.S. federal departments’ and agencies’ cybersecurity, it will likely
result in standards that will change the way the private sector manages
cybersecurity within the United States and globally...
More details.
Posted on Fri, 28 May 2021 19:08:00 +0000
World Password Day - May 6, 2021
It’s World Password Day!
Are your passwords strong enough?
Do you have a long, unique password for every account?
Do you use multi-factor authentication where available?
If you answered, “no”...
More details.
Posted on Thu, 06 May 2021 13:30:00 +0000
Facebook Leak Leads To Smishing
I have always considered myself pretty lucky in that I rarely receive
fraudulent text messages. That luck recently ran out. Over the past few
weeks I have noticed an uptick in the number of SMS phishing (smishing)
messages that I receive on my phone...
More details.
Posted on Mon, 05 Apr 2021 14:42:00 +0000
2021 Cybersecurity Report Roundup
Annual cybersecurity reports are a rich resource of statistics and
information for cybersecurity professionals, academics, journalists and
anyone who is interested in cybersecurity. Below is a categorized...
More details.
Posted on Fri, 02 Apr 2021 12:27:00 +0000
2021 Top Cybersecurity Leaders
The March 2021 issue of Security magazine, partnering with (ISC)2, featured
their inaugural list of the Top Cybersecurity Leaders for 2021. As the
author of this blog, I am both humbled and honored, to not only be part of
the inaugural team, but also to be recognized with these accomplished
cybersecurity professionals...
More details.
Posted on Sun, 07 Mar 2021 19:54:37 +0000
ILoveYou.txt.vbs
Since today is known for love, let’s look back 21 years to one of the more
destructive, costly and famous viruses in history. The “ILoveYou” worm,
also known as the “Love Bug” or “Love Letter For You” infected more than
ten million Windows computers, beginning on May 5, 2000...
More details.
Posted on Sun, 14 Feb 2021 19:36:17 +0000
Safer Internet Day 2021
Tuesday, February 9th, 2021, marks the 18th edition of Safer Internet Day
with the theme "Together for a better Internet." Safer Internet Day (SID)
started as an EU SafeBorders project in 2004 and is now celebrated in
approximately 170 countries worldwide...
More details.
Posted on Tue, 09 Feb 2021 16:00:00 +0000
Happy New Year!
2020 was a difficult year and Between The Hacks wants to congratulate
everyone who pulled through the challenges. We have all lived through a
year that delivered a global pandemic, civil unrest, and...
More details.
Posted on Thu, 31 Dec 2020 20:58:00 +0000
Merry Christmas & Happy Holidays
Merry Christmas and Happy Holidays from Between The Hacks!
Whether you celebrate Christmas, Hanukkah, Kwanza or Festivus, we hope you
and your family are doing well, staying healthy and surviving 20...
More details.
Posted on Fri, 25 Dec 2020 02:51:00 +0000
BTH News 20December2020
This week on Between The Hacks: The SolarWinds hack explained in plain
English, D-Link router vulnerabilities, Google explains their global
outage, 28 malware-infected browser extensions and cybercrime book for the
security enthusiast on your gift list...
More details.
Posted on Sun, 20 Dec 2020 15:20:00 +0000
SolarWinds Hack: The Basics
By now you have probably heard about the SolarWinds supply-chain compromise
that has impacted government and businesses all over the world. This story
is still unfolding so I won’t try to explain everything in detail, rather,
I’ll attempt to explain the situation for the less-technical reader and
link to some resources so that you can follow the story...
More details.
Posted on Tue, 15 Dec 2020 16:35:12 +0000
BTH News 13December2020
This week on Between The Hacks: A dental data breach, the U.S. IoT Security
Law, a 2020 Microsoft vulnerability report, the final sunset of Adobe
Flash, Rebooting by Lisa Forte and the Smashing Security Christmas party...
More details.
Posted on Sun, 13 Dec 2020 21:30:00 +0000
The U.S. IoT Cybersecurity Improvement Act Becomes Law
An important step toward securing the Internet was achieved on December 4,
2020, when President Trump signed an IoT security bill into law. The
Internet of Things Cybersecurity Improvement Act of 2020 has been in the
works since 2017 and was passed by the U...
More details.
Posted on Wed, 09 Dec 2020 17:53:34 +0000
HACKING 101 Humble Bundle
Now that Black Friday and Cyber Monday are over, you may still be searching
for some great deals. If so, you’ll hardly find a better deal than this
one. Humble Bundle has teamed up with the great tech publisher, No Starch
Press, to offer deeply discounted hacking e-books for as little as one
dollar...
More details.
Posted on Tue, 01 Dec 2020 14:57:33 +0000
Safeguarding the Backbone of the Global Economy: OT/ICS Security in the Oil and Gas Industry
The oil and gas industry is an essential pillar of the global economy, enabling energy production, transportation, and storage that fuel every aspect of modern life. At the core of these operations lie Operational Technology (OT) and Industrial Control Systems (ICS), critical systems responsible for monitoring and controlling key industrial processes...
More details.
Posted on Sun, 12 Jan 2025 09:37:30 +0000
Detailed Guide to SOAR and SIEM
What Is SOAR? SOAR stands for Security Orchestration, Automation, and Response. It’s a cybersecurity tool designed to simplify and enhance the efficiency of IT teams by automating responses to various security threats...
More details.
Posted on Sun, 12 Jan 2025 09:20:49 +0000
What is a cyberattack?
What is a cyberattack? Cyberattacks aim to damage or gain control or access to important documents and systems within a business or personal computer network. Cyberattacks are distributed by individuals or organizations for political, criminal, or personal intentions to destroy or gain access to classified information...
More details.
Posted on Wed, 30 Oct 2024 04:02:41 +0000
What is SIEM ?
Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations. SIEM, pronounced “sim,” combines both security information management (SIM) and security event management (SEM) into one security management system...
More details.
Posted on Tue, 29 Oct 2024 08:06:47 +0000
Cyber Security Operation Center Guidelines for best practices SOC Design
Cyber Security is become most needed services for all business and industries in 2024. Every business is concerned about Cyber Security. Security operations (SecOps) leaders face a multifaceted challenge:...
More details.
Posted on Tue, 30 Jan 2024 16:32:57 +0000
HOW TO BECOME CERTIFIED LEAD IMPLEMENTER – ISO 27001
ABOUT CERTIFIED LEAD IMPLEMENTER TRAINING AND EXAMINATION FOR INFORMATION SECURITY MANAGEMENT SYSTEM ISO / IEC 27001 Learn and get certified as a professional in implementation of ISO 27001 standard through our self-paced E-learning interactive course which comprises of 4 modules...
More details.
Posted on Thu, 26 Jan 2023 11:21:59 +0000
YouTube disrupted in Pakistan as former PM Imran Khan streams speech
NetBlocks metrics confirm the disruption of YouTube on multiple internet providers in Pakistan on Sunday 21 August 2022. The disruption comes as former Prime Minister Imran Khan makes a live broadcast to the public, despite a ban issued by the Pakistan Electronic Media Regulatory Authority (PEMRA)...
More details.
Posted on Mon, 22 Aug 2022 05:04:16 +0000
Recommendations for Parents about Cyber Bullying
Here are some dedicated tips for keeping younger children safe online. One of these training tips goes into the risks of young children on the Internet, covers cyber bullying and other risky Internet behavior...
More details.
Posted on Wed, 20 Oct 2021 06:36:27 +0000
WhatsApp, Facebook, Instagram server down in Pakistan?
Facebook-owned social media platforms, WhatsApp, Facebook, and Instagram are facing a worldwide outage, according to Downdetector, which offers real-time status and outage information for all kinds of services...
More details.
Posted on Mon, 04 Oct 2021 17:32:57 +0000
Cloudflare reports record-breaking HTTP-request DDoS attack
Cloudflare reports thwarting the largest known HTTP-request distributed denial of service attack in history, approximately three times larger than any other previously reported. The attack in July reached 17...
More details.
Posted on Sun, 22 Aug 2021 19:26:02 +0000
-
What we do and what we offer.
About penetration tests and about our news.
