Your blog category
A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143,… Read More »Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People’s Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy… Read More »DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years
Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are… Read More »How to Generate a CrowdStrike RFM Report With AI in Tines
Iran-affiliated threat actors have been linked to a new custom malware that’s geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been… Read More »Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms
Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading… Read More »New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection
The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox (“rydox.ru” and “rydox[.]cc”) for selling stolen personal information, access devices, and other tools… Read More »FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized
The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered… Read More »Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States
Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote… Read More »Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS… Read More »SaaS Budget Planning Guide for IT Professionals
Details have emerged about a now-patched security vulnerability in Apple’s iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized… Read More »Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS