Latest news about information security vulnerabilities, threats, incidents and events
Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.
You can get evidence of this fact from the news below.
Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.
-
-
Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed...
More details.
Posted on Wed, 22 Jan 2025 16:01:00 +0530
President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison
U.S. President Donald Trump on Tuesday granted a "full and unconditional pardon" to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending 11 years behind bars...
More details.
Posted on Wed, 22 Jan 2025 16:00:00 +0530
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET...
More details.
Posted on Wed, 22 Jan 2025 14:19:00 +0530
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services.
The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9...
More details.
Posted on Wed, 22 Jan 2025 12:55:00 +0530
Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices
Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date...
More details.
Posted on Wed, 22 Jan 2025 11:49:00 +0530
Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet...
More details.
Posted on Tue, 21 Jan 2025 19:30:00 +0530
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices.
The activity "take[s] advantage of misconfigured DNS records to pass email protection techniques," Infoblox security researcher David Brunsdon said in a technical report published last week...
More details.
Posted on Tue, 21 Jan 2025 18:16:00 +0530
Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity...
More details.
Posted on Tue, 21 Jan 2025 16:22:00 +0530
HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or " Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the thoroughness of the security testing...
More details.
Posted on Tue, 21 Jan 2025 16:00:00 +0530
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT...
More details.
Posted on Tue, 21 Jan 2025 11:15:00 +0530
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests.
The AnyDesk...
More details.
Posted on Tue, 21 Jan 2025 10:57:00 +0530
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.
"Internet hosts that accept tunneling packets without...
More details.
Posted on Mon, 20 Jan 2025 20:38:00 +0530
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks.
The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma...
More details.
Posted on Mon, 20 Jan 2025 20:23:00 +0530
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]
As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics...
More details.
Posted on Mon, 20 Jan 2025 17:32:00 +0530
Product Walkthrough: How Satori Secures Sensitive Data From Production to AI
Every week seems to bring news of another data breach, and it’s no surprise why: securing sensitive data has become harder than ever. And it’s not just because companies are dealing with orders of magnitude more data...
More details.
Posted on Mon, 20 Jan 2025 16:40:00 +0530
Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP
Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems...
More details.
Posted on Mon, 20 Jan 2025 11:15:00 +0530
TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025
Popular video-sharing social network TikTok has officially gone dark in the United States, as a federal ban on the app comes into effect on January 19, 2025.
"We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable," the company said in a pop-up message...
More details.
Posted on Sun, 19 Jan 2025 10:54:00 +0530
U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency...
More details.
Posted on Sat, 18 Jan 2025 11:36:00 +0530
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices...
More details.
Posted on Fri, 17 Jan 2025 19:38:00 +0530
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation
Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia.
"Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps," Imperva researcher Daniel Johnston said in an analysis...
More details.
Posted on Fri, 17 Jan 2025 18:36:00 +0530
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?
Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD...
More details.
Posted on Fri, 17 Jan 2025 15:51:00 +0530
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024...
More details.
Posted on Fri, 17 Jan 2025 15:37:00 +0530
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation of international sanctions...
More details.
Posted on Fri, 17 Jan 2025 15:37:00 +0530
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China...
More details.
Posted on Fri, 17 Jan 2025 09:44:00 +0530
Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign
The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection...
More details.
Posted on Thu, 16 Jan 2025 23:42:00 +0530
Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action
The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a unicycle...
More details.
Posted on Thu, 16 Jan 2025 17:55:00 +0530
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024
You can tell the story of the current state of stolen credential-based attacks in three numbers:
Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks...
More details.
Posted on Thu, 16 Jan 2025 17:00:00 +0530
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems.
The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6...
More details.
Posted on Thu, 16 Jan 2025 16:53:00 +0530
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions
Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration.
"A simple...
More details.
Posted on Thu, 16 Jan 2025 16:50:00 +0530
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns.
"In both campaigns, attackers hid malicious code in images they uploaded to archive[...
More details.
Posted on Thu, 16 Jan 2025 16:45:00 +0530
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network...
More details.
Posted on Thu, 16 Jan 2025 12:15:00 +0530
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure...
More details.
Posted on Thu, 16 Jan 2025 12:09:00 +0530
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google...
More details.
Posted on Wed, 15 Jan 2025 21:18:00 +0530
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware...
More details.
Posted on Wed, 15 Jan 2025 21:07:00 +0530
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam.
The new evidence suggests that...
More details.
Posted on Wed, 15 Jan 2025 19:02:00 +0530
Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client.
"Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an advisory...
More details.
Posted on Wed, 15 Jan 2025 17:56:00 +0530
The High-Stakes Disconnect For ICS/OT Security
Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk.
In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security...
More details.
Posted on Wed, 15 Jan 2025 17:00:00 +0530
FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation
The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation...
More details.
Posted on Wed, 15 Jan 2025 11:44:00 +0530
3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks.
Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity...
More details.
Posted on Wed, 15 Jan 2025 10:45:00 +0530
Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution.
Horizon3...
More details.
Posted on Wed, 15 Jan 2025 10:40:00 +0530
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions...
More details.
Posted on Tue, 14 Jan 2025 22:23:00 +0530
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data...
More details.
Posted on Tue, 14 Jan 2025 22:08:00 +0530
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk...
More details.
Posted on Tue, 14 Jan 2025 15:38:00 +0530
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions
The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated...
More details.
Posted on Tue, 14 Jan 2025 14:59:00 +0530
Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces
Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet.
"The campaign involved unauthorized...
More details.
Posted on Tue, 14 Jan 2025 14:43:00 +0530
Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia...
More details.
Posted on Tue, 14 Jan 2025 14:40:00 +0530
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild...
More details.
Posted on Tue, 14 Jan 2025 08:51:00 +0530
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners.
Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10...
More details.
Posted on Mon, 13 Jan 2025 19:03:00 +0530
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself...
More details.
Posted on Mon, 13 Jan 2025 17:35:00 +0530
Ransomware on ESXi: The Mechanization of Virtualized Attacks
In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound...
More details.
Posted on Mon, 13 Jan 2025 17:00:00 +0530
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
More details.
Posted on Wed, 31 Aug 2022 12:57:48 +0000
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
More details.
Posted on Tue, 30 Aug 2022 16:00:43 +0000
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
More details.
Posted on Mon, 29 Aug 2022 14:56:19 +0000
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
More details.
Posted on Fri, 26 Aug 2022 16:44:27 +0000
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
More details.
Posted on Thu, 25 Aug 2022 18:47:15 +0000
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
More details.
Posted on Wed, 24 Aug 2022 14:17:04 +0000
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
More details.
Posted on Tue, 23 Aug 2022 13:19:58 +0000
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
More details.
Posted on Mon, 22 Aug 2022 13:59:06 +0000
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
More details.
Posted on Fri, 19 Aug 2022 15:25:56 +0000
Google Patches Chrome’s Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
More details.
Posted on Thu, 18 Aug 2022 14:31:38 +0000
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat ...
More details.
Posted on Fri, 13 Dec 2024 12:04:08 +0000
Zero Trust Architecture
Zero trust security takes an “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
More details.
Posted on Mon, 02 Dec 2024 10:43:16 +0000
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat ...
More details.
Posted on Mon, 02 Dec 2024 07:51:03 +0000
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
More details.
Posted on Fri, 29 Nov 2024 12:53:23 +0000
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
More details.
Posted on Fri, 29 Nov 2024 11:19:32 +0000
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
More details.
Posted on Tue, 26 Nov 2024 07:46:59 +0000
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
More details.
Posted on Mon, 28 Oct 2024 04:57:20 +0000
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
More details.
Posted on Mon, 28 Oct 2024 02:43:18 +0000
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat ...
More details.
Posted on Fri, 25 Oct 2024 03:57:42 +0000
Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to...
More details.
Posted on Thu, 10 Oct 2024 12:22:16 +0000
AI Magic: My Blog, LinkedIn, and a 7-Minute Podcast!
So, here’s something that blew my mind: I decided to test
Google’s NotebookLM AI tool. I casually uploaded the URLs for my LinkedIn
page and my blog, not expecting much more than a basic summary...
More details.
Posted on Mon, 30 Sep 2024 17:01:00 +0000
How I Introduced the Cybersecurity World to a Cold War Hero
If you told me a year ago that I would meet a cold war hero at a birthday
party, I wouldn’t have believed you. And I would be even more skeptical if
you told me she would be an unintimidating, approachable music professor
with an infectious smile...
More details.
Posted on Thu, 30 Jun 2022 00:39:31 +0000
log4shell
UPDATED December 16, 2021
If you are reading this, you likely have heard about Log4Shell, the
December, 2021 critical zero-day remote-code execution vulnerability in the
popular Log4j software library that is developed and maintained by the
Apache Software Foundation...
More details.
Posted on Tue, 14 Dec 2021 18:56:34 +0000
Hacking Humble Bundle
Last year, Humble Bundle teamed up with the great tech publisher, No Starch
Press, to offer deeply discounted hacking ebooks for as little as one
dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks...
More details.
Posted on Tue, 30 Nov 2021 17:11:00 +0000
Cybersecurity Awareness Month 2021
October is Cybersecurity Awareness Month and Breast Cancer Awareness Month.
Since this is a cybersecurity blog, we will focus on cybersecurity but
let’s take a moment to talk about the important topic of breast cancer...
More details.
Posted on Fri, 01 Oct 2021 16:58:53 +0000
Colonial Pipeline: Lessons Learned
The Colonial Pipeline ransomware attack took down the largest fuel pipeline
in the United States and resulted in consumer hoarding of fuel and a
short-term shortage of gasoline on the east coast of the U...
More details.
Posted on Fri, 04 Jun 2021 21:23:00 +0000
President Biden's Cybersecurity Executive Order
Aiming to improve cybersecurity in the United States, President Biden
signed an executive order (EO) on May 12, 2021. Although the EO focuses on
U.S. federal departments’ and agencies’ cybersecurity, it will likely
result in standards that will change the way the private sector manages
cybersecurity within the United States and globally...
More details.
Posted on Fri, 28 May 2021 19:08:00 +0000
World Password Day - May 6, 2021
It’s World Password Day!
Are your passwords strong enough?
Do you have a long, unique password for every account?
Do you use multi-factor authentication where available?
If you answered, “no”...
More details.
Posted on Thu, 06 May 2021 13:30:00 +0000
Facebook Leak Leads To Smishing
I have always considered myself pretty lucky in that I rarely receive
fraudulent text messages. That luck recently ran out. Over the past few
weeks I have noticed an uptick in the number of SMS phishing (smishing)
messages that I receive on my phone...
More details.
Posted on Mon, 05 Apr 2021 14:42:00 +0000
2021 Cybersecurity Report Roundup
Annual cybersecurity reports are a rich resource of statistics and
information for cybersecurity professionals, academics, journalists and
anyone who is interested in cybersecurity. Below is a categorized...
More details.
Posted on Fri, 02 Apr 2021 12:27:00 +0000
2021 Top Cybersecurity Leaders
The March 2021 issue of Security magazine, partnering with (ISC)2, featured
their inaugural list of the Top Cybersecurity Leaders for 2021. As the
author of this blog, I am both humbled and honored, to not only be part of
the inaugural team, but also to be recognized with these accomplished
cybersecurity professionals...
More details.
Posted on Sun, 07 Mar 2021 19:54:37 +0000
ILoveYou.txt.vbs
Since today is known for love, let’s look back 21 years to one of the more
destructive, costly and famous viruses in history. The “ILoveYou” worm,
also known as the “Love Bug” or “Love Letter For You” infected more than
ten million Windows computers, beginning on May 5, 2000...
More details.
Posted on Sun, 14 Feb 2021 19:36:17 +0000
Safer Internet Day 2021
Tuesday, February 9th, 2021, marks the 18th edition of Safer Internet Day
with the theme "Together for a better Internet." Safer Internet Day (SID)
started as an EU SafeBorders project in 2004 and is now celebrated in
approximately 170 countries worldwide...
More details.
Posted on Tue, 09 Feb 2021 16:00:00 +0000
Happy New Year!
2020 was a difficult year and Between The Hacks wants to congratulate
everyone who pulled through the challenges. We have all lived through a
year that delivered a global pandemic, civil unrest, and...
More details.
Posted on Thu, 31 Dec 2020 20:58:00 +0000
Merry Christmas & Happy Holidays
Merry Christmas and Happy Holidays from Between The Hacks!
Whether you celebrate Christmas, Hanukkah, Kwanza or Festivus, we hope you
and your family are doing well, staying healthy and surviving 20...
More details.
Posted on Fri, 25 Dec 2020 02:51:00 +0000
BTH News 20December2020
This week on Between The Hacks: The SolarWinds hack explained in plain
English, D-Link router vulnerabilities, Google explains their global
outage, 28 malware-infected browser extensions and cybercrime book for the
security enthusiast on your gift list...
More details.
Posted on Sun, 20 Dec 2020 15:20:00 +0000
SolarWinds Hack: The Basics
By now you have probably heard about the SolarWinds supply-chain compromise
that has impacted government and businesses all over the world. This story
is still unfolding so I won’t try to explain everything in detail, rather,
I’ll attempt to explain the situation for the less-technical reader and
link to some resources so that you can follow the story...
More details.
Posted on Tue, 15 Dec 2020 16:35:12 +0000
BTH News 13December2020
This week on Between The Hacks: A dental data breach, the U.S. IoT Security
Law, a 2020 Microsoft vulnerability report, the final sunset of Adobe
Flash, Rebooting by Lisa Forte and the Smashing Security Christmas party...
More details.
Posted on Sun, 13 Dec 2020 21:30:00 +0000
The U.S. IoT Cybersecurity Improvement Act Becomes Law
An important step toward securing the Internet was achieved on December 4,
2020, when President Trump signed an IoT security bill into law. The
Internet of Things Cybersecurity Improvement Act of 2020 has been in the
works since 2017 and was passed by the U...
More details.
Posted on Wed, 09 Dec 2020 17:53:34 +0000
HACKING 101 Humble Bundle
Now that Black Friday and Cyber Monday are over, you may still be searching
for some great deals. If so, you’ll hardly find a better deal than this
one. Humble Bundle has teamed up with the great tech publisher, No Starch
Press, to offer deeply discounted hacking e-books for as little as one
dollar...
More details.
Posted on Tue, 01 Dec 2020 14:57:33 +0000
Safeguarding the Backbone of the Global Economy: OT/ICS Security in the Oil and Gas Industry
The oil and gas industry is an essential pillar of the global economy, enabling energy production, transportation, and storage that fuel every aspect of modern life. At the core of these operations lie Operational Technology (OT) and Industrial Control Systems (ICS), critical systems responsible for monitoring and controlling key industrial processes...
More details.
Posted on Sun, 12 Jan 2025 09:37:30 +0000
Detailed Guide to SOAR and SIEM
What Is SOAR? SOAR stands for Security Orchestration, Automation, and Response. It’s a cybersecurity tool designed to simplify and enhance the efficiency of IT teams by automating responses to various security threats...
More details.
Posted on Sun, 12 Jan 2025 09:20:49 +0000
What is a cyberattack?
What is a cyberattack? Cyberattacks aim to damage or gain control or access to important documents and systems within a business or personal computer network. Cyberattacks are distributed by individuals or organizations for political, criminal, or personal intentions to destroy or gain access to classified information...
More details.
Posted on Wed, 30 Oct 2024 04:02:41 +0000
What is SIEM ?
Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations. SIEM, pronounced “sim,” combines both security information management (SIM) and security event management (SEM) into one security management system...
More details.
Posted on Tue, 29 Oct 2024 08:06:47 +0000
Cyber Security Operation Center Guidelines for best practices SOC Design
Cyber Security is become most needed services for all business and industries in 2024. Every business is concerned about Cyber Security. Security operations (SecOps) leaders face a multifaceted challenge:...
More details.
Posted on Tue, 30 Jan 2024 16:32:57 +0000
HOW TO BECOME CERTIFIED LEAD IMPLEMENTER – ISO 27001
ABOUT CERTIFIED LEAD IMPLEMENTER TRAINING AND EXAMINATION FOR INFORMATION SECURITY MANAGEMENT SYSTEM ISO / IEC 27001 Learn and get certified as a professional in implementation of ISO 27001 standard through our self-paced E-learning interactive course which comprises of 4 modules...
More details.
Posted on Thu, 26 Jan 2023 11:21:59 +0000
YouTube disrupted in Pakistan as former PM Imran Khan streams speech
NetBlocks metrics confirm the disruption of YouTube on multiple internet providers in Pakistan on Sunday 21 August 2022. The disruption comes as former Prime Minister Imran Khan makes a live broadcast to the public, despite a ban issued by the Pakistan Electronic Media Regulatory Authority (PEMRA)...
More details.
Posted on Mon, 22 Aug 2022 05:04:16 +0000
Recommendations for Parents about Cyber Bullying
Here are some dedicated tips for keeping younger children safe online. One of these training tips goes into the risks of young children on the Internet, covers cyber bullying and other risky Internet behavior...
More details.
Posted on Wed, 20 Oct 2021 06:36:27 +0000
WhatsApp, Facebook, Instagram server down in Pakistan?
Facebook-owned social media platforms, WhatsApp, Facebook, and Instagram are facing a worldwide outage, according to Downdetector, which offers real-time status and outage information for all kinds of services...
More details.
Posted on Mon, 04 Oct 2021 17:32:57 +0000
Cloudflare reports record-breaking HTTP-request DDoS attack
Cloudflare reports thwarting the largest known HTTP-request distributed denial of service attack in history, approximately three times larger than any other previously reported. The attack in July reached 17...
More details.
Posted on Sun, 22 Aug 2021 19:26:02 +0000
-
What we do and what we offer.
About penetration tests and about our news.
