Latest news about information security vulnerabilities, threats, incidents and events
Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.
You can get evidence of this fact from the news below.
Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.
-
-
North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs
Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme...
More details.
Posted on Thu, 21 Nov 2024 17:34:00 +0530
Cyber Story Time: The Boy Who Cried "Secure!"
As a relatively new security category, many security operators and executives I’ve met have asked us “What are these Automated Security Validation (ASV) tools?” We’ve covered that pretty extensively in the past, so today, instead of covering the “What is ASV?” I wanted to address the “Why ASV?” question...
More details.
Posted on Thu, 21 Nov 2024 17:00:00 +0530
Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online
New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures.
The analysis, which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35...
More details.
Posted on Thu, 21 Nov 2024 16:30:00 +0530
5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme
Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars...
More details.
Posted on Thu, 21 Nov 2024 14:46:00 +0530
Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library...
More details.
Posted on Thu, 21 Nov 2024 12:43:00 +0530
NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data
Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers...
More details.
Posted on Thu, 21 Nov 2024 12:04:00 +0530
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments
Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale.
The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic...
More details.
Posted on Wed, 20 Nov 2024 18:39:00 +0530
NHIs Are the Future of Cybersecurity: Meet NHIDR
The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes...
More details.
Posted on Wed, 20 Nov 2024 17:00:00 +0530
Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction...
More details.
Posted on Wed, 20 Nov 2024 14:46:00 +0530
Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity
Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised.
The idea, the tech giant said, is to...
More details.
Posted on Wed, 20 Nov 2024 12:30:00 +0530
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection...
More details.
Posted on Wed, 20 Nov 2024 12:28:00 +0530
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.
The flaws are listed below -
CVE-2024-44308 (CVSS score: 8...
More details.
Posted on Wed, 20 Nov 2024 10:07:00 +0530
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation
Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild.
The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7...
More details.
Posted on Wed, 20 Nov 2024 09:54:00 +0530
Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices
The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal...
More details.
Posted on Tue, 19 Nov 2024 19:31:00 +0530
Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts
Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools.
The attacks involve the hijack of unauthenticated...
More details.
Posted on Tue, 19 Nov 2024 19:30:00 +0530
Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority
Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access—rather than securing the accounts and users entrusted with it...
More details.
Posted on Tue, 19 Nov 2024 17:00:00 +0530
New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems
Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus.
"Helldown deploys Windows ransomware derived from the LockBit 3...
More details.
Posted on Tue, 19 Nov 2024 15:10:00 +0530
Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign
U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information.
The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets...
More details.
Posted on Tue, 19 Nov 2024 12:32:00 +0530
Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation
Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10...
More details.
Posted on Tue, 19 Nov 2024 12:01:00 +0530
New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers
Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza.
BabbleLoader...
More details.
Posted on Mon, 18 Nov 2024 22:18:00 +0530
The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think
According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12...
More details.
Posted on Mon, 18 Nov 2024 19:30:00 +0530
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)
What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people.
This week makes one thing clear: no system, no person, no organization is truly off-limits...
More details.
Posted on Mon, 18 Nov 2024 17:06:00 +0530
Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy
Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam.
The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android...
More details.
Posted on Mon, 18 Nov 2024 16:45:00 +0530
Beyond Compliance: The Advantage of Year-Round Network Pen Testing
IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules...
More details.
Posted on Mon, 18 Nov 2024 16:45:00 +0530
Fake Discount Sites Exploit Black Friday to Hijack Shopper Information
A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season...
More details.
Posted on Mon, 18 Nov 2024 16:26:00 +0530
NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit
Legal documents released as part of an ongoing legal tussle between Meta's WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so...
More details.
Posted on Mon, 18 Nov 2024 11:22:00 +0530
Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites
A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site...
More details.
Posted on Mon, 18 Nov 2024 10:22:00 +0530
PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released
Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild...
More details.
Posted on Sat, 16 Nov 2024 13:51:00 +0530
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA.
Volexity,...
More details.
Posted on Sat, 16 Nov 2024 11:55:00 +0530
Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands...
More details.
Posted on Fri, 15 Nov 2024 23:27:00 +0530
Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform
Cybersecurity researchers have disclosed two security flaws in Google's Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud...
More details.
Posted on Fri, 15 Nov 2024 18:05:00 +0530
Live Webinar: Dive Deep into Crypto Agility and Certificate Management
In the fast-paced digital world, trust is everything—but what happens when that trust is disrupted? Certificate revocations, though rare, can send shockwaves through your operations, impacting security, customer confidence, and business continuity...
More details.
Posted on Fri, 15 Nov 2024 17:18:00 +0530
Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia
A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer...
More details.
Posted on Fri, 15 Nov 2024 16:42:00 +0530
How AI Is Transforming IAM and Identity Security
In recent years, artificial intelligence (AI) has begun revolutionizing Identity Access Management (IAM), reshaping how cybersecurity is approached in this crucial field. Leveraging AI in IAM is about tapping into its analytical capabilities to monitor access patterns and identify anomalies that could signal a potential security breach...
More details.
Posted on Fri, 15 Nov 2024 16:00:00 +0530
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure...
More details.
Posted on Fri, 15 Nov 2024 12:10:00 +0530
Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin
Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday.
Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10...
More details.
Posted on Fri, 15 Nov 2024 11:00:00 +0530
CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition software have come under active exploitation in the wild...
More details.
Posted on Fri, 15 Nov 2024 10:34:00 +0530
Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme
Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years...
More details.
Posted on Thu, 14 Nov 2024 23:06:00 +0530
Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes
Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites.
"Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said...
More details.
Posted on Thu, 14 Nov 2024 19:30:00 +0530
5 BCDR Oversights That Leave You Exposed to Ransomware
Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging...
More details.
Posted on Thu, 14 Nov 2024 17:40:00 +0530
TikTok Pixel Privacy Nightmare: A New Case Study
Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations...
More details.
Posted on Thu, 14 Nov 2024 16:00:00 +0530
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.
The Singaporean cybersecurity company has attributed...
More details.
Posted on Thu, 14 Nov 2024 15:21:00 +0530
Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine.
The vulnerability in question, CVE-2024-43451 (CVSS score: 6...
More details.
Posted on Thu, 14 Nov 2024 11:13:00 +0530
Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities.
The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis...
More details.
Posted on Wed, 13 Nov 2024 21:39:00 +0530
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware.
The decryptor is the result of a comprehensive analysis...
More details.
Posted on Wed, 13 Nov 2024 19:08:00 +0530
Comprehensive Guide to Building a Strong Browser Security Program
The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats...
More details.
Posted on Wed, 13 Nov 2024 16:30:00 +0530
OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution
A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices.
"Attackers successfully...
More details.
Posted on Wed, 13 Nov 2024 14:58:00 +0530
Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks
The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023...
More details.
Posted on Wed, 13 Nov 2024 12:44:00 +0530
Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs
Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild.
The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024...
More details.
Posted on Wed, 13 Nov 2024 12:44:00 +0530
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE)
The issue, per findings...
More details.
Posted on Tue, 12 Nov 2024 19:31:00 +0530
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
More details.
Posted on Wed, 31 Aug 2022 12:57:48 +0000
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
More details.
Posted on Tue, 30 Aug 2022 16:00:43 +0000
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
More details.
Posted on Mon, 29 Aug 2022 14:56:19 +0000
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
More details.
Posted on Fri, 26 Aug 2022 16:44:27 +0000
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
More details.
Posted on Thu, 25 Aug 2022 18:47:15 +0000
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
More details.
Posted on Wed, 24 Aug 2022 14:17:04 +0000
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
More details.
Posted on Tue, 23 Aug 2022 13:19:58 +0000
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
More details.
Posted on Mon, 22 Aug 2022 13:59:06 +0000
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
More details.
Posted on Fri, 19 Aug 2022 15:25:56 +0000
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
More details.
Posted on Thu, 18 Aug 2022 14:31:38 +0000
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
More details.
Posted on Mon, 28 Oct 2024 04:57:20 +0000
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
More details.
Posted on Mon, 28 Oct 2024 02:43:18 +0000
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat ...
More details.
Posted on Fri, 25 Oct 2024 03:57:42 +0000
Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to...
More details.
Posted on Thu, 10 Oct 2024 12:22:16 +0000
Protect Your Devices With Free Virus Removal
Computer viruses are extremely hazardous, which is why it’s crucial to secure your devices with reliable malware removal programs. These free applications serve as your second line of defense against...
More details.
Posted on Thu, 10 Oct 2024 12:13:00 +0000
Implementing Zero Trust
Zero trust is an adaptable security framework designed to address today’s cyber security challenges. It employs microsegmentation and data-centric policies, verifying users, devices, applications irrespective of network location as well...
More details.
Posted on Tue, 08 Oct 2024 03:34:10 +0000
CDK Cyber Attack
This attack had all the hallmarks of ransomware attack and targeted CDK Global systems used by auto dealerships to manage sales, finance and service operations. Due to outdated technology, ineffective...
More details.
Posted on Mon, 07 Oct 2024 12:52:00 +0000
5 Ways to Mitigate Risk in Cybersecurity
Cybersecurity refers to practices designed to defend computers, mobile devices, electronic data storage platforms and networks against attacks such as ransomware extortion and data breaches. Preventative techniques are key in...
More details.
Posted on Mon, 09 Sep 2024 13:00:02 +0000
What is Malware
Malware refers to any form of malicious software which aims to disrupt, harm or steal private information for criminal use. Furthermore, malware can mine cryptocurrency for cybercriminals as an additional...
More details.
Posted on Mon, 09 Sep 2024 12:06:33 +0000
How to Recover an Unsaved Excel File
If your Excel file was left unsaved by accident, don’t fret – Microsoft understands mistakes happen and provides built-in functionality to help recover it. To recover an unsaved file, navigate...
More details.
Posted on Fri, 12 Jan 2024 18:27:54 +0000
AI Magic: My Blog, LinkedIn, and a 7-Minute Podcast!
So, here’s something that blew my mind: I decided to test
Google’s NotebookLM AI tool. I casually uploaded the URLs for my LinkedIn
page and my blog, not expecting much more than a basic summary...
More details.
Posted on Mon, 30 Sep 2024 17:01:00 +0000
How I Introduced the Cybersecurity World to a Cold War Hero
If you told me a year ago that I would meet a cold war hero at a birthday
party, I wouldn’t have believed you. And I would be even more skeptical if
you told me she would be an unintimidating, approachable music professor
with an infectious smile...
More details.
Posted on Thu, 30 Jun 2022 00:39:31 +0000
log4shell
UPDATED December 16, 2021
If you are reading this, you likely have heard about Log4Shell, the
December, 2021 critical zero-day remote-code execution vulnerability in the
popular Log4j software library that is developed and maintained by the
Apache Software Foundation...
More details.
Posted on Tue, 14 Dec 2021 18:56:34 +0000
Hacking Humble Bundle
Last year, Humble Bundle teamed up with the great tech publisher, No Starch
Press, to offer deeply discounted hacking ebooks for as little as one
dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks...
More details.
Posted on Tue, 30 Nov 2021 17:11:00 +0000
Cybersecurity Awareness Month 2021
October is Cybersecurity Awareness Month and Breast Cancer Awareness Month.
Since this is a cybersecurity blog, we will focus on cybersecurity but
let’s take a moment to talk about the important topic of breast cancer...
More details.
Posted on Fri, 01 Oct 2021 16:58:53 +0000
Colonial Pipeline: Lessons Learned
The Colonial Pipeline ransomware attack took down the largest fuel pipeline
in the United States and resulted in consumer hoarding of fuel and a
short-term shortage of gasoline on the east coast of the U...
More details.
Posted on Fri, 04 Jun 2021 21:23:00 +0000
President Biden's Cybersecurity Executive Order
Aiming to improve cybersecurity in the United States, President Biden
signed an executive order (EO) on May 12, 2021. Although the EO focuses on
U.S. federal departments’ and agencies’ cybersecurity, it will likely
result in standards that will change the way the private sector manages
cybersecurity within the United States and globally...
More details.
Posted on Fri, 28 May 2021 19:08:00 +0000
World Password Day - May 6, 2021
It’s World Password Day!
Are your passwords strong enough?
Do you have a long, unique password for every account?
Do you use multi-factor authentication where available?
If you answered, “no”...
More details.
Posted on Thu, 06 May 2021 13:30:00 +0000
Facebook Leak Leads To Smishing
I have always considered myself pretty lucky in that I rarely receive
fraudulent text messages. That luck recently ran out. Over the past few
weeks I have noticed an uptick in the number of SMS phishing (smishing)
messages that I receive on my phone...
More details.
Posted on Mon, 05 Apr 2021 14:42:00 +0000
2021 Cybersecurity Report Roundup
Annual cybersecurity reports are a rich resource of statistics and
information for cybersecurity professionals, academics, journalists and
anyone who is interested in cybersecurity. Below is a categorized...
More details.
Posted on Fri, 02 Apr 2021 12:27:00 +0000
2021 Top Cybersecurity Leaders
The March 2021 issue of Security magazine, partnering with (ISC)2, featured
their inaugural list of the Top Cybersecurity Leaders for 2021. As the
author of this blog, I am both humbled and honored, to not only be part of
the inaugural team, but also to be recognized with these accomplished
cybersecurity professionals...
More details.
Posted on Sun, 07 Mar 2021 19:54:37 +0000
ILoveYou.txt.vbs
Since today is known for love, let’s look back 21 years to one of the more
destructive, costly and famous viruses in history. The “ILoveYou” worm,
also known as the “Love Bug” or “Love Letter For You” infected more than
ten million Windows computers, beginning on May 5, 2000...
More details.
Posted on Sun, 14 Feb 2021 19:36:17 +0000
Safer Internet Day 2021
Tuesday, February 9th, 2021, marks the 18th edition of Safer Internet Day
with the theme "Together for a better Internet." Safer Internet Day (SID)
started as an EU SafeBorders project in 2004 and is now celebrated in
approximately 170 countries worldwide...
More details.
Posted on Tue, 09 Feb 2021 16:00:00 +0000
Happy New Year!
2020 was a difficult year and Between The Hacks wants to congratulate
everyone who pulled through the challenges. We have all lived through a
year that delivered a global pandemic, civil unrest, and...
More details.
Posted on Thu, 31 Dec 2020 20:58:00 +0000
Merry Christmas & Happy Holidays
Merry Christmas and Happy Holidays from Between The Hacks!
Whether you celebrate Christmas, Hanukkah, Kwanza or Festivus, we hope you
and your family are doing well, staying healthy and surviving 20...
More details.
Posted on Fri, 25 Dec 2020 02:51:00 +0000
BTH News 20December2020
This week on Between The Hacks: The SolarWinds hack explained in plain
English, D-Link router vulnerabilities, Google explains their global
outage, 28 malware-infected browser extensions and cybercrime book for the
security enthusiast on your gift list...
More details.
Posted on Sun, 20 Dec 2020 15:20:00 +0000
SolarWinds Hack: The Basics
By now you have probably heard about the SolarWinds supply-chain compromise
that has impacted government and businesses all over the world. This story
is still unfolding so I won’t try to explain everything in detail, rather,
I’ll attempt to explain the situation for the less-technical reader and
link to some resources so that you can follow the story...
More details.
Posted on Tue, 15 Dec 2020 16:35:12 +0000
BTH News 13December2020
This week on Between The Hacks: A dental data breach, the U.S. IoT Security
Law, a 2020 Microsoft vulnerability report, the final sunset of Adobe
Flash, Rebooting by Lisa Forte and the Smashing Security Christmas party...
More details.
Posted on Sun, 13 Dec 2020 21:30:00 +0000
The U.S. IoT Cybersecurity Improvement Act Becomes Law
An important step toward securing the Internet was achieved on December 4,
2020, when President Trump signed an IoT security bill into law. The
Internet of Things Cybersecurity Improvement Act of 2020 has been in the
works since 2017 and was passed by the U...
More details.
Posted on Wed, 09 Dec 2020 17:53:34 +0000
HACKING 101 Humble Bundle
Now that Black Friday and Cyber Monday are over, you may still be searching
for some great deals. If so, you’ll hardly find a better deal than this
one. Humble Bundle has teamed up with the great tech publisher, No Starch
Press, to offer deeply discounted hacking e-books for as little as one
dollar...
More details.
Posted on Tue, 01 Dec 2020 14:57:33 +0000
What is a cyberattack?
What is a cyberattack? Cyberattacks aim to damage or gain control or access to important documents and systems within a business or personal computer network. Cyberattacks are distributed by individuals or organizations for political, criminal, or personal intentions to destroy or gain access to classified information...
More details.
Posted on Wed, 30 Oct 2024 04:02:41 +0000
What is SIEM ?
Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations. SIEM, pronounced “sim,” combines both security information management (SIM) and security event management (SEM) into one security management system...
More details.
Posted on Tue, 29 Oct 2024 08:06:47 +0000
Cyber Security Operation Center Guidelines for best practices SOC Design
Cyber Security is become most needed services for all business and industries in 2024. Every business is concerned about Cyber Security. Security operations (SecOps) leaders face a multifaceted challenge:...
More details.
Posted on Tue, 30 Jan 2024 16:32:57 +0000
HOW TO BECOME CERTIFIED LEAD IMPLEMENTER – ISO 27001
ABOUT CERTIFIED LEAD IMPLEMENTER TRAINING AND EXAMINATION FOR INFORMATION SECURITY MANAGEMENT SYSTEM ISO / IEC 27001 Learn and get certified as a professional in implementation of ISO 27001 standard through our self-paced E-learning interactive course which comprises of 4 modules...
More details.
Posted on Thu, 26 Jan 2023 11:21:59 +0000
YouTube disrupted in Pakistan as former PM Imran Khan streams speech
NetBlocks metrics confirm the disruption of YouTube on multiple internet providers in Pakistan on Sunday 21 August 2022. The disruption comes as former Prime Minister Imran Khan makes a live broadcast to the public, despite a ban issued by the Pakistan Electronic Media Regulatory Authority (PEMRA)...
More details.
Posted on Mon, 22 Aug 2022 05:04:16 +0000
Recommendations for Parents about Cyber Bullying
Here are some dedicated tips for keeping younger children safe online. One of these training tips goes into the risks of young children on the Internet, covers cyber bullying and other risky Internet behavior...
More details.
Posted on Wed, 20 Oct 2021 06:36:27 +0000
WhatsApp, Facebook, Instagram server down in Pakistan?
Facebook-owned social media platforms, WhatsApp, Facebook, and Instagram are facing a worldwide outage, according to Downdetector, which offers real-time status and outage information for all kinds of services...
More details.
Posted on Mon, 04 Oct 2021 17:32:57 +0000
Cloudflare reports record-breaking HTTP-request DDoS attack
Cloudflare reports thwarting the largest known HTTP-request distributed denial of service attack in history, approximately three times larger than any other previously reported. The attack in July reached 17...
More details.
Posted on Sun, 22 Aug 2021 19:26:02 +0000
Microsoft announces recipients of academic grants for AI research on combating phishing
Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools,...
More details.
Posted on Sat, 19 Jun 2021 15:34:29 +0000
SOC as a Service Market by Component, Service Type (Prevention, Detection, & Incident Response),
The SOC as a Service market place is actually projected to grow from USD 471 million in 2020 to USD 1,656 million by 2025, at a Compound Annual Growth Rate (CAGR) of 28.6 % throughout the forecast period...
More details.
Posted on Fri, 12 Mar 2021 11:45:16 +0000
-
What we do and what we offer.
About penetration tests and about our news.
