Latest news about information security vulnerabilities, threats, incidents and events

Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.
You can get evidence of this fact from the news below.
Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.
-
-
Transform Your Data Security Posture – Learn from SoFi's DSPM Success
As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and unauthorized data breaches...
More details.
Posted on Tue, 28 Nov 2023 18:20:00 +0530
Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access
Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges...
More details.
Posted on Tue, 28 Nov 2023 18:04:00 +0530
How Hackers Phish for Your Users' Credentials and Sell Them
Account credentials, a popular initial access vector, have become a valuable commodity in cybercrime. As a result, a single set of stolen credentials can put your organization’s entire network at risk...
More details.
Posted on Tue, 28 Nov 2023 16:43:00 +0530
Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine
A coordinated law enforcement operation has led to the arrest of key individuals in Ukraine who are alleged to be a part of several ransomware schemes.
"On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia, resulting in the arrest of the 32-year-old ringleader," Europol said in a statement today...
More details.
Posted on Tue, 28 Nov 2023 16:03:00 +0530
Stop Identity Attacks: Discover the Key to Early Threat Detection
Identity and Access Management (IAM) systems are a staple to ensure only authorized individuals or entities have access to specific resources in order to protect sensitive information and secure business assets...
More details.
Posted on Tue, 28 Nov 2023 15:54:00 +0530
Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens
Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file...
More details.
Posted on Tue, 28 Nov 2023 15:53:00 +0530
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection
The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN...
More details.
Posted on Tue, 28 Nov 2023 10:24:00 +0530
How to Handle Retail SaaS Security on Cyber Monday
If forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information...
More details.
Posted on Mon, 27 Nov 2023 23:27:00 +0530
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established...
More details.
Posted on Mon, 27 Nov 2023 18:48:00 +0530
U.S., U.K., and Global Partners Release Secure AI System Development Guidelines
The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems.
"The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, and establishes organizational structures where secure design is a top priority," the U...
More details.
Posted on Mon, 27 Nov 2023 12:25:00 +0530
New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government
An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what’s suspected to be an advanced persistent threat (APT) attack.
The web shell, a dynamic-link library (DLL) named “hrserv...
More details.
Posted on Sat, 25 Nov 2023 10:38:00 +0530
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches
The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files.
A brief description of the vulnerabilities is as follows -
CVE-2023-49103 (CVSS score: 10...
More details.
Posted on Sat, 25 Nov 2023 09:30:00 +0530
Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
More details have emerged about a malicious Telegram bot called Telekopye that's used by threat actors to pull off large-scale phishing scams.
"Telekopye can craft phishing websites, emails, SMS messages, and more," ESET security researcher Radek Jizba said in a new analysis...
More details.
Posted on Fri, 24 Nov 2023 21:02:00 +0530
Tell Me Your Secrets Without Telling Me Your Secrets
The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service...
More details.
Posted on Fri, 24 Nov 2023 16:23:00 +0530
Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel
Cybersecurity researchers have shed light on a Rust version of a cross-platform backdoor called SysJoker, which is assessed to have been used by a Hamas-affiliated threat actor to target Israel amid the ongoing war in the region...
More details.
Posted on Fri, 24 Nov 2023 16:01:00 +0530
Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories
Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks.
“These encoded Kubernetes configuration secrets were uploaded to public repositories,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new research published earlier this week...
More details.
Posted on Fri, 24 Nov 2023 12:14:00 +0530
Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks
A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts.
The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a North Korean cluster tracked as Kimsuky (aka APT43)...
More details.
Posted on Thu, 23 Nov 2023 20:16:00 +0530
Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails
Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab.
"The malware itself is split into multiple components, including a...
More details.
Posted on Thu, 23 Nov 2023 18:24:00 +0530
6 Steps to Accelerate Cybersecurity Incident Response
Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in.
Security teams must be able to stop threats and restore normal operations as quickly as possible...
More details.
Posted on Thu, 23 Nov 2023 16:18:00 +0530
Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet...
More details.
Posted on Thu, 23 Nov 2023 16:17:00 +0530
N. Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack
A North Korean state-sponsored threat actor tracked as Diamond Sleet is distributing a trojanized version of a legitimate application developed by a Taiwanese multimedia software developer called CyberLink to target downstream customers via a supply chain attack...
More details.
Posted on Thu, 23 Nov 2023 11:16:00 +0530
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login
A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops...
More details.
Posted on Wed, 22 Nov 2023 20:53:00 +0530
North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U...
More details.
Posted on Wed, 22 Nov 2023 17:44:00 +0530
AI Solutions Are the New Shadow IT
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security RisksLike the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot.
Employees are covertly using AI with little regard for established IT and cybersecurity review procedures...
More details.
Posted on Wed, 22 Nov 2023 16:38:00 +0530
ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer
The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain tracked as ClearFake.
"This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system," Malwarebytes' Jérôme Segura said in a Tuesday analysis...
More details.
Posted on Wed, 22 Nov 2023 12:45:00 +0530
LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In
Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments...
More details.
Posted on Wed, 22 Nov 2023 10:19:00 +0530
Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals
The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed.
"The unusual lack of even small...
More details.
Posted on Tue, 21 Nov 2023 19:26:00 +0530
New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers...
More details.
Posted on Tue, 21 Nov 2023 17:27:00 +0530
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography...
More details.
Posted on Tue, 21 Nov 2023 16:10:00 +0530
Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits
The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits.
"Once Kinsing...
More details.
Posted on Tue, 21 Nov 2023 15:30:00 +0530
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users
Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data.
“Using social...
More details.
Posted on Tue, 21 Nov 2023 13:16:00 +0530
Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions
The China-linked Mustang Panda actor has been linked to a cyber attack targeting a Philippines government entity amid rising tensions between the two countries over the disputed South China Sea...
More details.
Posted on Tue, 21 Nov 2023 12:28:00 +0530
NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors
Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT.
"The delivery mechanisms for the NetSupport RAT encompass...
More details.
Posted on Mon, 20 Nov 2023 20:49:00 +0530
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks
Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan.
“These include hijacked...
More details.
Posted on Mon, 20 Nov 2023 20:20:00 +0530
Product Walkthrough: Silverfort's Unified Identity Protection Platform
In this article, we will provide a brief overview of Silverfort's platform, the first (and currently only) unified identity protection platform on the market. Silverfort’s patented technology...
More details.
Posted on Mon, 20 Nov 2023 20:20:00 +0530
Why Defenders Should Embrace a Hacker Mindset
Today’s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments...
More details.
Posted on Mon, 20 Nov 2023 16:32:00 +0530
LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts...
More details.
Posted on Mon, 20 Nov 2023 16:19:00 +0530
Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking
Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms...
More details.
Posted on Mon, 20 Nov 2023 14:46:00 +0530
Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years
An Indian hack-for-hire group targeted the U.S., China, Myanmar, Pakistan, Kuwait, and other countries as part of a wide-ranging espionage, surveillance, and disruptive operation for over a decade.
Indian...
More details.
Posted on Mon, 20 Nov 2023 12:12:00 +0530
8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks.
The findings come from Cisco Talos, which has recorded an increase in activity carried out by the cybercriminals...
More details.
Posted on Sat, 18 Nov 2023 16:57:00 +0530
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities...
More details.
Posted on Sat, 18 Nov 2023 12:02:00 +0530
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead.
Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER...
More details.
Posted on Fri, 17 Nov 2023 19:01:00 +0530
FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks
The U.S. Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate SIM-swapping attacks and port-out fraud...
More details.
Posted on Fri, 17 Nov 2023 18:07:00 +0530
Discover 2023's Cloud Security Strategies in Our Upcoming Webinar - Secure Your Spot
In 2023, the cloud isn't just a technology—it's a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone.
In collaboration with the esteemed experts from Lacework Labs, The Hacker News proudly presents an exclusive webinar: 'Navigating the Cloud Attack Landscape: 2023 Trends, Techniques, and Tactics...
More details.
Posted on Fri, 17 Nov 2023 16:00:00 +0530
27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain...
More details.
Posted on Fri, 17 Nov 2023 15:26:00 +0530
U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem
U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets...
More details.
Posted on Fri, 17 Nov 2023 13:02:00 +0530
CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild...
More details.
Posted on Fri, 17 Nov 2023 11:27:00 +0530
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens.
"Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News...
More details.
Posted on Thu, 16 Nov 2023 21:39:00 +0530
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw
A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT).
Cybersecurity company NSFOCUS has described DarkCasino as an "economically motivated" actor that first came to light in 2021...
More details.
Posted on Thu, 16 Nov 2023 19:21:00 +0530
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors.
The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC)...
More details.
Posted on Thu, 16 Nov 2023 17:33:00 +0530
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
More details.
Posted on Wed, 31 Aug 2022 12:57:48 +0000
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
More details.
Posted on Tue, 30 Aug 2022 16:00:43 +0000
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
More details.
Posted on Mon, 29 Aug 2022 14:56:19 +0000
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
More details.
Posted on Fri, 26 Aug 2022 16:44:27 +0000
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
More details.
Posted on Thu, 25 Aug 2022 18:47:15 +0000
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
More details.
Posted on Wed, 24 Aug 2022 14:17:04 +0000
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
More details.
Posted on Tue, 23 Aug 2022 13:19:58 +0000
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
More details.
Posted on Mon, 22 Aug 2022 13:59:06 +0000
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
More details.
Posted on Fri, 19 Aug 2022 15:25:56 +0000
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
More details.
Posted on Thu, 18 Aug 2022 14:31:38 +0000
How to delete an account from Instagram?
We all have social media accounts and use them to share photos, videos, and thoughts with the world. But what if you no longer want that account to be accessible?...
The post How to delete an account from Instagram? appeared first on Hacker Combat ...
More details.
Posted on Tue, 27 Dec 2022 11:50:58 +0000
Which team is responsible for debriefing after a cyber attack?
Cybersecurity is a rapidly growing field with a lot of potential. Not only do cyberattacks have the potential to devastate an organization financially, but they can also compromise sensitive data...
The post Which team is responsible for debriefing after a cyber attack? appeared first on Hacker Combat ...
More details.
Posted on Mon, 19 Dec 2022 12:52:06 +0000
Swimlane introduces an OT security automation ecosystem
The launch of a security automation solution ecosystem for operational technology (OT) environments was announced on Monday by Swimlane, a provider of security orchestration, automation, and response (SOAR)...
More details.
Posted on Tue, 15 Nov 2022 14:01:58 +0000
CISA Urges Organizations to Implement Phishing-Resistant MFA
By deploying phishing-resistant multi-factor authentication (MFA) and number matching in MFA applications, organisations may defend themselves against phishing and other attacks, according to recommendations provided by the US Cybersecurity and...
More details.
Posted on Wed, 02 Nov 2022 13:52:10 +0000
Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers
ConnectWise, a company that makes software for IT management, made an announcement on Friday about updates that address a significant vulnerability. According to cybersecurity professionals, this weakness leaves thousands of...
More details.
Posted on Mon, 31 Oct 2022 12:46:17 +0000
After hackers threatened to target celebrities, Medibank confirmed the impact of a larger cyberattack
On Tuesday, Australian private insurer Medibank stated that a recent disclosed cyberattack affects more customers’ data than first believed. Days after hackers vowed to target celebrities, the announcement was made...
More details.
Posted on Tue, 25 Oct 2022 11:37:08 +0000
WordPress Security Update 6.0.3 Patches 16 Vulnerabilities
This week, WordPress 6.0.3 began to be distributed. The most recent security update fixes 16 flaws. In addition to addressing open redirect, data exposure, cross-site request forgery (CSRF), and SQL.....
More details.
Posted on Wed, 19 Oct 2022 13:46:17 +0000
Toyota Discloses Data Breach Impacting Source Code
Toyota, a Japanese automaker, has identified a security breach involving source code stored on GitHub that may have given third parties access to some 300,000 customer email addresses. According to...
The post Toyota Discloses Data Breach Impacting Source Code appeared first on Hacker Combat ...
More details.
Posted on Tue, 11 Oct 2022 13:33:13 +0000
A critical vulnerability in vm2 Allow a Remote Attacker to Escape The Sandbox
Vm2, a JavaScript sandbox package that receives more than 16 million downloads each month, provides the synchronous execution of untrusted code within a single process. Security researchers at Oxeye found...
More details.
Posted on Mon, 10 Oct 2022 12:11:54 +0000
123K Individuals Data Exposed in Tucson Data Breach
The Tucson Data Breach is a recent data breach that occurred in the city of Tucson, Arizona. The breach affected approximately 1.2 million individuals, who had their personal information exposed....
The post 123K Individuals Data Exposed in Tucson Data Breach appeared first on Hacker Combat ...
More details.
Posted on Thu, 06 Oct 2022 14:32:53 +0000
How I Introduced the Cybersecurity World to a Cold War Hero
If you told me a year ago that I would meet a cold war hero at a birthday
party, I wouldn’t have believed you. And I would be even more skeptical if
you told me she would be an unintimidating, approachable music professor
with an infectious smile...
More details.
Posted on Thu, 30 Jun 2022 00:39:31 +0000
log4shell
UPDATED December 16, 2021
If you are reading this, you likely have heard about Log4Shell, the
December, 2021 critical zero-day remote-code execution vulnerability in the
popular Log4j software library that is developed and maintained by the
Apache Software Foundation...
More details.
Posted on Tue, 14 Dec 2021 18:56:34 +0000
Hacking Humble Bundle
Last year, Humble Bundle teamed up with the great tech publisher, No Starch
Press, to offer deeply discounted hacking ebooks for as little as one
dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks...
More details.
Posted on Tue, 30 Nov 2021 17:11:00 +0000
Cybersecurity Awareness Month 2021
October is Cybersecurity Awareness Month and Breast Cancer Awareness Month.
Since this is a cybersecurity blog, we will focus on cybersecurity but
let’s take a moment to talk about the important topic of breast cancer...
More details.
Posted on Fri, 01 Oct 2021 16:58:53 +0000
Colonial Pipeline: Lessons Learned
The Colonial Pipeline ransomware attack took down the largest fuel pipeline
in the United States and resulted in consumer hoarding of fuel and a
short-term shortage of gasoline on the east coast of the U...
More details.
Posted on Fri, 04 Jun 2021 21:23:00 +0000
President Biden's Cybersecurity Executive Order
Aiming to improve cybersecurity in the United States, President Biden
signed an executive order (EO) on May 12, 2021. Although the EO focuses on
U.S. federal departments’ and agencies’ cybersecurity, it will likely
result in standards that will change the way the private sector manages
cybersecurity within the United States and globally...
More details.
Posted on Fri, 28 May 2021 19:08:00 +0000
World Password Day - May 6, 2021
It’s World Password Day!
Are your passwords strong enough?
Do you have a long, unique password for every account?
Do you use multi-factor authentication where available?
If you answered, “no”...
More details.
Posted on Thu, 06 May 2021 13:30:00 +0000
Facebook Leak Leads To Smishing
I have always considered myself pretty lucky in that I rarely receive
fraudulent text messages. That luck recently ran out. Over the past few
weeks I have noticed an uptick in the number of SMS phishing (smishing)
messages that I receive on my phone...
More details.
Posted on Mon, 05 Apr 2021 14:42:00 +0000
2021 Cybersecurity Report Roundup
Annual cybersecurity reports are a rich resource of statistics and
information for cybersecurity professionals, academics, journalists and
anyone who is interested in cybersecurity. Below is a categorized...
More details.
Posted on Fri, 02 Apr 2021 12:27:00 +0000
2021 Top Cybersecurity Leaders
The March 2021 issue of Security magazine, partnering with (ISC)2, featured
their inaugural list of the Top Cybersecurity Leaders for 2021. As the
author of this blog, I am both humbled and honored, to not only be part of
the inaugural team, but also to be recognized with these accomplished
cybersecurity professionals...
More details.
Posted on Sun, 07 Mar 2021 19:54:37 +0000
ILoveYou.txt.vbs
Since today is known for love, let’s look back 21 years to one of the more
destructive, costly and famous viruses in history. The “ILoveYou” worm,
also known as the “Love Bug” or “Love Letter For You” infected more than
ten million Windows computers, beginning on May 5, 2000...
More details.
Posted on Sun, 14 Feb 2021 19:36:17 +0000
Safer Internet Day 2021
Tuesday, February 9th, 2021, marks the 18th edition of Safer Internet Day
with the theme "Together for a better Internet." Safer Internet Day (SID)
started as an EU SafeBorders project in 2004 and is now celebrated in
approximately 170 countries worldwide...
More details.
Posted on Tue, 09 Feb 2021 16:00:00 +0000
Happy New Year!
2020 was a difficult year and Between The Hacks wants to congratulate
everyone who pulled through the challenges. We have all lived through a
year that delivered a global pandemic, civil unrest, and...
More details.
Posted on Thu, 31 Dec 2020 20:58:00 +0000
Merry Christmas & Happy Holidays
Merry Christmas and Happy Holidays from Between The Hacks!
Whether you celebrate Christmas, Hanukkah, Kwanza or Festivus, we hope you
and your family are doing well, staying healthy and surviving 20...
More details.
Posted on Fri, 25 Dec 2020 02:51:00 +0000
BTH News 20December2020
This week on Between The Hacks: The SolarWinds hack explained in plain
English, D-Link router vulnerabilities, Google explains their global
outage, 28 malware-infected browser extensions and cybercrime book for the
security enthusiast on your gift list...
More details.
Posted on Sun, 20 Dec 2020 15:20:00 +0000
SolarWinds Hack: The Basics
By now you have probably heard about the SolarWinds supply-chain compromise
that has impacted government and businesses all over the world. This story
is still unfolding so I won’t try to explain everything in detail, rather,
I’ll attempt to explain the situation for the less-technical reader and
link to some resources so that you can follow the story...
More details.
Posted on Tue, 15 Dec 2020 16:35:12 +0000
BTH News 13December2020
This week on Between The Hacks: A dental data breach, the U.S. IoT Security
Law, a 2020 Microsoft vulnerability report, the final sunset of Adobe
Flash, Rebooting by Lisa Forte and the Smashing Security Christmas party...
More details.
Posted on Sun, 13 Dec 2020 21:30:00 +0000
The U.S. IoT Cybersecurity Improvement Act Becomes Law
An important step toward securing the Internet was achieved on December 4,
2020, when President Trump signed an IoT security bill into law. The
Internet of Things Cybersecurity Improvement Act of 2020 has been in the
works since 2017 and was passed by the U...
More details.
Posted on Wed, 09 Dec 2020 17:53:34 +0000
HACKING 101 Humble Bundle
Now that Black Friday and Cyber Monday are over, you may still be searching
for some great deals. If so, you’ll hardly find a better deal than this
one. Humble Bundle has teamed up with the great tech publisher, No Starch
Press, to offer deeply discounted hacking e-books for as little as one
dollar...
More details.
Posted on Tue, 01 Dec 2020 14:57:33 +0000
HAPPY THANKSGIVING 2020
Between The Hacks would like to thank all of those who read, share, and
make this blog possible. Please have a safe and happy Thanksgiving and be
secure when shopping this holiday season.
More details.
Posted on Thu, 26 Nov 2020 17:44:18 +0000
HOW TO BECOME CERTIFIED LEAD IMPLEMENTER – ISO 27001
ABOUT CERTIFIED LEAD IMPLEMENTER TRAINING AND EXAMINATION FOR INFORMATION SECURITY MANAGEMENT SYSTEM ISO / IEC 27001 Learn and get certified as a professional in implementation of ISO 27001 standard through our self-paced E-learning interactive course which comprises of 4 modules...
More details.
Posted on Thu, 26 Jan 2023 11:21:59 +0000
YouTube disrupted in Pakistan as former PM Imran Khan streams speech
NetBlocks metrics confirm the disruption of YouTube on multiple internet providers in Pakistan on Sunday 21 August 2022. The disruption comes as former Prime Minister Imran Khan makes a live broadcast to the public, despite a ban issued by the Pakistan Electronic Media Regulatory Authority (PEMRA)...
More details.
Posted on Mon, 22 Aug 2022 05:04:16 +0000
Recommendations for Parents about Cyber Bullying
Here are some dedicated tips for keeping younger children safe online. One of these training tips goes into the risks of young children on the Internet, covers cyber bullying and other risky Internet behavior...
More details.
Posted on Wed, 20 Oct 2021 06:36:27 +0000
WhatsApp, Facebook, Instagram server down in Pakistan?
Facebook-owned social media platforms, WhatsApp, Facebook, and Instagram are facing a worldwide outage, according to Downdetector, which offers real-time status and outage information for all kinds of services...
More details.
Posted on Mon, 04 Oct 2021 17:32:57 +0000
Cloudflare reports record-breaking HTTP-request DDoS attack
Cloudflare reports thwarting the largest known HTTP-request distributed denial of service attack in history, approximately three times larger than any other previously reported. The attack in July reached 17...
More details.
Posted on Sun, 22 Aug 2021 19:26:02 +0000
Microsoft announces recipients of academic grants for AI research on combating phishing
Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools,...
More details.
Posted on Sat, 19 Jun 2021 15:34:29 +0000
SOC as a Service Market by Component, Service Type (Prevention, Detection, & Incident Response),
The SOC as a Service market place is actually projected to grow from USD 471 million in 2020 to USD 1,656 million by 2025, at a Compound Annual Growth Rate (CAGR) of 28.6 % throughout the forecast period...
More details.
Posted on Fri, 12 Mar 2021 11:45:16 +0000
Twitter Maliciously Violates Russian Law, State Censor Says
Russia’s state communications regulator on Monday has accused Twitter of maliciously violating Russian law by failing to draw down thousands of tweets containing banned info. Based on Roskomnadzor, Twitter hasn’t deleted 2,862 posts out of the over 28,000 requests for removal the agency has sent after 2017...
More details.
Posted on Wed, 10 Mar 2021 08:31:15 +0000
5 Important Concepts of Cyber Security
Cyber Security Concepts Computer security, cyber security or any other related terminology is the protection of computers from any harm or damage, either physical or otherwise, by unauthorized users. These...
More details.
Posted on Wed, 30 Sep 2020 10:56:40 +0000
A Guide to Physical Security Threats and Physical Protection of Data in 2020
In this guide to physical threats and physical protections of data, we are describing physical threats can lead to One of the most common physical threats to cyber security is also one of the most overlooked and underestimated...
More details.
Posted on Tue, 22 Sep 2020 13:34:29 +0000
-
What we do and what we offer.
About penetration tests and about our news.