All the latest blog posts from the most relevant cyber security companies in the business.

Cyberattackers are hiding behind the QuickBooks brand to disguise their malicious activity, researchers are warning. The effort is a “double-spear” approach that packs a one-two punch: Stealing phone numbers and making off with cash via bogus credit-card payments. The popular accounting software allows customers to sign up for cloud accounts, from which they can send…

Researchers have discovered a denial-of-service (DoS) vulnerability in Envoy Proxy, which gives attackers the opportunity to crash the proxy server. This could lead to performance degradation or unavailability of resources handled by the proxy, according to JFrog Security Research, which disclosed the vulnerability (CVE-2022-29225). Envoy is a widely used open source edge and service proxy…

The new feature, named Rapid Security Response, will become available in the upcoming iOS 16 and macOS Ventura, both scheduled for release in late 2022. According to Apple, important security updates will be delivered to iPhones and Macs in between standard software updates. In addition, they can be applied automatically and they do not require…

NXM Labs, Inc., a leader in advanced cybersecurity software for connected devices, today unveiled its NXM Autonomous Security(TM) platform that prevents hackers from gaining unauthorized access to commercial, industrial, medical, or consumer internet of things (IoT) devices. Tested in collaboration with the Jet Propulsion Laboratory (JPL), California Institute of Technology (Caltech), NXM successfully demonstrated the…

Titaniam, Inc., the industry’s most advanced data security platform, announced today the ‘State of Data Exfiltration & Extortion Report.’ The survey revealed that while over 70% of organizations have an existing set of prevention, detection, and backup solutions, nearly 40% of organizations have been hit with ransomware attacks in the last year, and more than…

Attackers once focused on exploiting ProxyLogon Microsoft Exchange server vulnerabilities have made a pivot to the new SessionManager backdoor, which can be used to gain persistent, undetected access to emails — and even take over the target organization’s infrastructure. Researchers from Kaspersky today report the emergence of SessionManager, which they say is part of a…

The threat associated with nation-state-backed hacking groups has been well-researched and chronicled in recent times, but there’s another, equally dangerous set of adversaries that’s operated comparatively in the shadows for years. These are hack-for-hire groups that specialize in breaking into systems and stealing email and other data as a service. Their clients can be private…

Courtesy of the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Education and Training Assistance Program (CETAP) grant, the program will include a series of summer camps meant to introduce students aged 13 to 21 to key cybersecurity topics and help them develop skills that will allow them to pursue potential careers in the industry. The program…

The 2022 CWE Top 25 Most Dangerous Software Weaknesses list contains the most common and impactful weaknesses, and is based on the analysis of nearly 38,000 CVE records from the previous two years. Out-of-bounds write and cross-site scripting (XSS) remain the two most dangerous vulnerabilities. Some of the most significant changes include race conditions moving…

The risks presented by ransomware and cyber extortion events have likely found a place in your own security team’s discussions, and rightfully so. Ransomware attacks have proliferated in the last decade. The numbers are staggering if not overwhelming, and make it abundantly clear that ransomware attacks are not a threat that any organization, however big…