Ransomware: Operation Endgame claims 300 domains in mass takedown effort. An ongoing international effort against cybercrime operators has announced a mass takedown of ransomware networks.
Cloud Security: CISA warns of attacks on Commvault’s Microsoft Azure environment. CISA believes the attacks on Commvault Azure environments may be part of a larger campaign to target SaaS vendors.
Identity: Microsoft dials up Uncle Sam to take down LummaC2 malware backbone. The U.S. Department of Justice teamed up with Microsoft to take down the backbone of a prolific malware operator.
Cloud Security: How CIS Hardened Images secure systems and reduce costs. CIS Hardened Images are virtual machine images hardened with the globally recognized secure configuration recommendations of the CIS Benchmarks.
Critical Infrastructure Security: Trimble Cityworks zero-day attacks on US local governments detailed. Analysis revealed the deployment of various backdoors by suspected Chinese-speaking threat actors.
Critical Infrastructure Security: Russian hackers targeting Western logistics, tech support of Ukraine. APT28 aims to infiltrate the networks of military groups and private contractors.
Identity: SEO poisoning campaign swipes direct deposits from employees. Phishing pages targeting mobile devices showed up at the top of Google search results.
Security Operations: New research reveals flaws in security team performance metrics. IDC's survey of 900 security leaders reveals widespread use of volume-based metrics for team performance. How do we shift from measuring activity to measuring true impact?
Vulnerability Management: Crawlomatic WordPress plugin patched for critical 9.8 RCE flaw. Arbitrary file upload is made possible by a missing file type validation.
Application security: Google Calendar used as middleman for stealthy NPM malware. The malicious package also uses Unicode steganography to evade detection.
Proactive law enforcement takedowns in 2024 reshaped the cybercrime ecosystem. Don Smith, December 30, 2024