Cyber Security Minute

Announcement Center

October 3, 2023

VMware Named a Leader in the 2023 Gartner® Magic Quadrant™ for SD-WAN for the Sixth Year in a Row

PALO ALTO, Calif. – VMware, Inc. (NYSE: VMW) today announced that it has been positioned by Gartner, Inc. as a Leader in the 2023 Gartner Magic Quadrant for SD-WAN—marking it the sixth consecutive year VMware has been named a Leader in the report. Cloud-native by design, VMware SD-WAN and VMware SASE enable enterprises to deliver more consistent, secure,…

October 2, 2023

Fortinet to Announce Third Quarter 2023 Financial Results

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, announced that it will hold a conference call to discuss its third quarter 2023 financial results on Thursday, November 2, at 1:30 p.m. Pacific Time (4:30 p.m. Eastern Time). Fortinet’s financial results conference call will be broadcast live in listen-only mode on the company’s investor…

September 29, 2023

ESET Research: North Korea-linked Lazarus impersonates Meta on LinkedIn to attack an aerospace company in Spain

BRATISLAVA, PRAGUE — September 29, 2023 — ESET researchers have uncovered a Lazarus attack against an aerospace company in Spain, in which the group deployed several tools, most notably the newly discovered backdoor named LightlessCan by ESET. Operators of the North Korea-linked Lazarus group obtained initial access to the company’s network last year after a successful…

A phishing campaign targets Ukrainian military entities with drone manual lures

September 25, 2023 5:44 pm

Advertisement Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it to a threat actor tracked as UAC-0154. The MerlinAgent is an open-source C2 toolkit written in Go,...

ASPM Is Good, But It’s Not a Cure-All for App Security

September 22, 2023 12:00 am

Advertisement Application security posture management (ASPM) is a method of managing and improving the security of software applications. It encompasses the processes, tools, and practices designed to identify, classify, and mitigate security vulnerabilities across an application’s life cycle. It includes scanning for vulnerabilities, tracking identified vulnerabilities, managing patch processes, and implementing continuous monitoring and improvement...

Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors

September 15, 2023 4:14 am

Advertisement Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate...

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Issued by: The Hacker News

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. "There are...

Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials

Issued by: Dark Reading

Threat actors are using messages sent from Dropbox to steal Microsoft user credentials in a fast-growing business email compromise (BEC) campaign. The effort evades natural language processing (NLP)-based security scans, and demonstrates the rapid evolution of these types of attacks. Researchers at Check Point Harmony...

KillNet Claims DDoS Attack Against Royal Family Website

Issued by: Dark Reading

The official website of the UK royal family was subject to a distributed denial-of-service (DDoS) attack on the morning of Sunday, Oct. 1, thanks to pro-Russian hacktivists. The resulting downtime for royal.uk began around 10 a.m. BST, and only lasted for around 90 minutes. As...

Addressing AI and Security Challenges With Red Teams: A Google Perspective

Issued by: Dark Reading

In our digital world, the security landscape is in a constant state of flux. Advances in artificial intelligence (AI) will trigger a profound shift in this landscape, and we must be prepared to address the security challenges associated with new frontiers of AI innovation in...

Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar

Issued by: The Hacker News

Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the...

Cyber Security Minute

Addressing AI and Security Challenges With Red Teams: A Google Perspective

Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar

Chinese Hackers Target Routers in IP Theft Campaign

A phishing campaign targets Ukrainian military entities with drone manual lures

ASPM Is Good, But It’s Not a Cure-All for App Security

Canada Confirms DDoS Attack Disrupted Airport Arrival Kiosks

Announcement Center

VMware Named a Leader in the 2023 Gartner® Magic Quadrant™ for SD-WAN for the Sixth Year in a Row

Fortinet to Announce Third Quarter 2023 Financial Results

ESET Research: North Korea-linked Lazarus impersonates Meta on LinkedIn to attack an aerospace company in Spain