Continuous Security Validation with Penetration Testing as a Service (PTaaS)
Validate security continuously across your full stack with Pen Testing as a Service. In today’s modern security operations center (SOC), it’s a battle between the defenders and the cybercriminals. Both are using tools and expertise – however, the cybercriminals have the element of surprise on their side, and a host of tactics, techniques, and procedures […]
U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons
The U.K. Electoral Commission on Tuesday disclosed a “complex” cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years’ worth of voter data belonging to 40 million people. “The incident was identified in October 2022 after suspicious activity was detected on our systems,” the regulator said. “It […]
Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining
Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors. Cloud security firm Aqua, in a report shared with The Hacker News, said a majority of the clusters belonged to small to medium-sized organizations, with a smaller subset tied to bigger companies, spanning financial, aerospace, automotive, industrial, and security sectors
New Report Exposes Vice Society’s Collaboration with Rhysida Ransomware
Tactical similarities have been unearthed between the double extortion ransomware group known as Rhysida and Vice Society, including in their targeting of education and healthcare sectors. “As Vice Society was observed deploying a variety of commodity ransomware payloads, this link does not suggest that Rhysida is exclusively used by Vice Society, but shows with at […]
New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks
Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks in their managed device fleet. The search giant said it’s introducing a second user setting to turn off support, at the model level, for null-ciphered cellular connections. “The Android Security Model assumes that all networks […]
Microsoft Releases Patches for 74 New Vulnerabilities in August Update
Microsoft has patched a total of 74 flaws in its software as part of the company’s Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and […]
QakBot Malware Operators Expand C2 Network with 15 New Servers
The operators associated with the QakBot (aka QBot) malware have set up 15 new command-and-control (C2) servers as of late June 2023. The findings are a continuation of the malware’s infrastructure analysis from Team Cymru, and arrive a little over two months after Lumen Black Lotus Labs revealed that 25% of its C2 servers are only active […]
Hackers Abusing Cloudflare Tunnels for Covert Communications
New research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access. “Cloudflared is functionally very similar to ngrok,” Nic Finn, a senior threat intelligence analyst at GuidePoint Security, said. “However, Cloudflared differs from ngrok in that it provides a lot more usability for […]
Understanding Active Directory Attack Paths to Improve Security
Introduced in 1999, Microsoft Active Directory is the default identity and access management service in Windows networks, responsible for assigning and enforcing security policies for all network endpoints. With it, users can access various resources across networks. As things tend to do, times, they are a’changin’ – and a few years back, Microsoft introduced Azure […]
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries
An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate confidence to an adversary of likely Vietnamese origin. “The threat actor uses an uncommon technique […]