A fresh wave of attacks on APAC government entities involves both self-propagating malware spreading via removable drives and a spear-phishing campaign. Go to Source Author: Elizabeth Montalbano, Contributing Writer
Category Archives: Uncategorized
For modern applications built on Kubernetes and microservices, platform engineering is not just about building functional systems but also about embedding security into the fabric of those systems. Go to Source Author: Michelle Ensey
A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson Palace, indicating an expansion in the scope of the espionage effort. Cybersecurity firm Sophos, which has been monitoring the cyber offensive, said it comprises three intrusion sets […]
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers. Shadow apps may include instances of software that the company is already using. For […]
Researchers flagged a pair of Gallup polling site XSS vulnerabilities that could have allowed malicious actors to execute arbitrary code, access sensitive data, or take over a victim account. Go to Source Author: Becky Bracken, Senior Editor, Dark Reading
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the “audio gap” and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen. “Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 […]
A PRC threat cluster known as “Crimson Palace” is demonstrating the benefits of having specialized units carry out distinct stages of a wider attack chain. Go to Source Author: Nate Nelson, Contributing Writer
The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro. The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed “the propagation of […]
It takes more than technical knowledge to write about cybersecurity in a way people want to read. It takes creativity, discipline, and other key skills. Go to Source Author: Joshua Goldfarb
CISA has added CE-2024-40766 to its known exploited vulnerabilities catalog. Go to Source Author: Jai Vijayan, Contributing Writer