Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.

Cybersecurity in healthcare is a very real threat with the potential to severely disrupt patient care, place extra burden on an already strained system, and result in significant financial losses for a hospital or healthcare network. In October 2020, on the backdrop of the ongoing COVID-19 pandemic, our institution experienced one of the most significant cyberattacks on a healthcare system to date, lasting for nearly 40 days. By sharing our experience in radiology, and specifically in breast imaging, including the downtime procedures we relied upon and the lessons that we learned emerging from this cyberattack, we hope to help future victims of a healthcare cyberattack successfully weather such an experience.

The SMB 1/2/3 protocols allow clients to connect to named
pipes via the IPC$ (Inter-Process Communication) share
for the process of inter-process communication between
SMB clients and servers.

BLOODALCHEMY is a new, actively developed, backdoor that leverages a benign binary as an injection vehicle, and is a part of the REF5961 intrusion set.

CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.

Learn what LinkedIn Smart Links are and how they're being used to bypass email security gateways. Get up-to-date information on this credential phishing threat

During the month of September, an attacker operating under the pseudonym "kohlersbtuh15", attempted to exploit the open-source community by uploading a series of malicious packages to the PyPi package manager. Based on the names of these packages and the code contained within them, it appears that this attacker targeted developers that use Aliyun services (Alibaba Cloud), telegram, and AWS.

Discover how we’re securing authentication and reducing NTLM usage in Windows.

Discover the latest waves of the ongoing Balada Injector malware campaign targeting unpatched tagDiv premium WordPress themes. Dive into the technical details of the injected scripts, explore their functionality, and understand the potential threats they pose to site administrators.

Valve has added a new security layer for developers who publish their games on Steam after a few had their accounts hacked.

The Intellexa Alliance is the name of the shady group of European companies that supplies dictators and despots with cyberweapons. The mass spyware attacks have also been lucrative for some in Germany.

FortiGuard Labs unmasks IZ1H9 and explores the aggressive exploits in the Mirai-Based DDoS Campaign

This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected

Akamai researchers have discovered a novel obfuscation technique that Magecart attackers are using to hide malicious code and infiltrate websites.

There is no shortage of researchers and industry titans willing to warn us about the potential destructive power of artificial intelligence. Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks—and the steps we need to take to mitigate them.

At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.

A few days ago, ZDI went public with no less than six 0days in the popular mail server Exim. Ranging from ‘potentially world-ending' through to ‘a bit of a damp squib’, these bugs were apparently discovered way back in June 2022 (!) - but naturally got caught up in the void between the ZDI and Exim for quite some time. Mysterious void.

The Red Cross writes rules of engagement for civilian hackers as numbers rise

• Cybersecurity Firm Human Security has discovered malware on dozens of streaming devices and iOS/Android apps.
• A huge number of Android TV boxes contain malware capable of conducting ad fraud, creating fake accounts, and selling access to home networks.
• Researchers found that the malware they have dubbed Badbox is not only tricky to detect but difficult to remove as well.
• Android TV box users must prefer installing apps from reliable sources and keep their devices up-to-date.
• Human Security has already shared details of its findings with concerned law enforcement agencies.

In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related incident response engagements were associated with the use of stolen credentials.