Network SecurityLaw enforcement takes down ‘DDoS-for-Hire’ sites in Operation PowerOFFSteve ZurierDecember 12, 2024Europol leads 15-nation effort to neutralize attacks before the Christmas holidays go into full swing.
IdentityCritical ‘AuthQuake’ bug let attackers bypass Microsoft MFASteve ZurierDecember 11, 2024Oasis researchers say they reported the bug in June – and Microsoft patched it in October.
Malware‘AppLite Banker’ lures victims with job offers, infects devices with trojanSteve ZurierDecember 10, 2024Banking trojan gives attackers access to corporate credentials, apps, and data when employees run remote access sessions on their Androids.
Critical Infrastructure SecurityRussian hacktivists target oil, gas and water sectors worldwideSteve ZurierDecember 9, 2024Two Russian groups targeting critical infrastructure in U.S. and at least nine other countries.
Governance, Risk and ComplianceFCC to telecoms: Secure your networks from hacks like China’s Salt TyphoonSteve ZurierDecember 6, 2024There’s bipartisan support for a tougher stance on China’s attacks on U.S. telecoms, including issuing stiff fines.
Network SecurityExchange Servers targeted in intel-gathering op on US company in ChinaSteve ZurierDecember 5, 2024China-based threat actor targeted Exchange servers, suggesting they aimed to gather intelligence by harvesting emails.
Network SecurityVeeam patches bugs in VSPC, one leading to remote code executionSteve ZurierDecember 4, 2024In patching a 9.9 bug and a high-severity flaw, Veeam said the only available remedy is to apply the patches.
Network SecurityCisco warns of continued exploitation of 10-year-old ASA bugSteve ZurierDecember 3, 2024Flaw in WebVPN login page of Cisco ASA software exploited in the wild shows how even 10-year-old medium-severity bugs should be patched.
IdentityMicrosoft 365 credentials stolen via adversary-in-the-middle campaignSteve ZurierDecember 2, 2024Threat actor uses leveraging the Rockstar 2FA phishing-as-a-service and bypasses MFA.
Ransomware‘Tis the season for website cloning tools, RCEs and AI phishing luresSteve ZurierNovember 27, 2024Security pros warn retailers to monitor APIs for irregularities to guard against sudden price fluctuations or inventory control issues.