Your blog category
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities added are as follows… Read More »CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion… Read More »U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions
In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it… Read More »Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account
Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. “The threat… Read More »Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring and… Read More »Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that… Read More »New “GoFetch” Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys
German authorities have announced the takedown of an illicit underground marketplace called Nemesis Market that peddled narcotics, stolen data, and various cybercrime services. The Federal Criminal Police Office (aka Bundeskriminalamt or BKA)… Read More »German Police Seize ‘Nemesis Market’ in Major International Darknet Raid
The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware… Read More »N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks
The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia’s Foreign… Read More »Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor… Read More »AWS Patches Critical ‘FlowFixation’ Bug in Airflow Service to Prevent Session Hijacking