​GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as… Read More »GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

​A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early… Read More »New Ransomware Group Exploiting Veeam Backup Software Vulnerability

​It’s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks.… Read More »True Protection or False Promise? The Ultimate ITDR Shortlisting Guide

​Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild.… Read More »Microsoft’s July Update Patches 143 Flaws, Including Two Actively Exploited

​The Problem The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are:  53% of… Read More »Smash-and-Grab Extortion

​Google on Wednesday announced that it’s making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP). “Users traditionally needed a physical security key for APP —… Read More »Google Adds Passkeys to Advanced Protection Program for High-Risk Users

​Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that’s widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. “Merchants on the… Read More »Crypto Analysts Expose HuiOne Guarantee’s $11 Billion Cybercrime Transactions

​The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. “A notable aspect of the current variant of ViperSoftX is that it uses the Common… Read More »ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks

​Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is… Read More »New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

​Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity… Read More »RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks