Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany.
The Council imposed restrictive measures on three individuals involved in cyber-attacks against Estonia.
Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat actor.
Frederick Health Hospital's emergency department was not accepting new patients on Monday morning, according to a state emergency medical services website.
We dive into FleshStealer, a new strain of information-stealing malware—explaining what it is and its potential impact on organizations.
OpenAI on Tuesday announced the launch of ChatGPT for government agencies in the U.S. ...It allows government agencies, as customers, to feed “non-public, sensitive information” into OpenAI’s models while operating within their own secure hosting environments, OpenAI CPO Kevin Weil told reporters during a briefing Monday.
Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users.
Key Takeaways This intrusion began with the download and execution of a Cobalt Strike beacon that impersonated a Windows Media Configuration Utility. The threat actor used Rclone to exfiltrate data…
The 2024 ransomware attack on Change Healthcare exposed the data of about 190 million people, according to an update from parent company UnitedHealth Group.
Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023.
The devices were infected with what appears to be a variant of cd00r, a publicly available "invisible backdoor" designed to operate stealthily on a victim's machine by monitoring network traffic for specific conditions before activating.
Too many Fortinet firewalls vulnerable to attack via CVE-2024-55591 are still accessible from the Internet.
Another undersea data cable, this time connecting Sweden and Latvia, has been severed in the Baltic Sea, officials from both countries said Sunday. The incident prompted Sweden to launch a criminal probe into the matter and seize a "suspect vessel" vessel headed for Russia.
A backdoor tailored to Juniper routers that hides the activation signal in regular traffic using “Magic Packets” to give access to an attacker
Analysis of payloads suggest affiliates may be using a shared codebase or common builder to deploy attacks under different RaaS brand names.
Learn about the key macOS malware families from 2024, including tactics, IoCs, opportunities for detection, and links to further reading.
Russian threat actors combine domain name vulnerabilities with hidden router proxy techniques to scale their attacks while remaining shielded from detection.
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
IMPORTANT: SonicWall PSIRT has been notified of possible active exploitation of the referenced vulnerability by threat actors. We strongly advises users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability.
Please note that SonicWall Firewall and SMA 100 series products are not affected by this vulnerability.
SpearTip Security Operations Center, together with the SaaS Alerts team, identified an emerging threat involving the fastHTTP library
In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.
Yesterday we discovered another client-side JavaScript attack targeting +500 websites, including governments and universities. The injected scripts create hidden links in the Document Object Model (DOM), pointing to external websites, a programming interface for web documents.
