Organizations with distributed workforces are increasingly reliant on cloud-based productivity platforms like Microsoft 365 and Google Workspace for email, file sharing, and collaboration. Read on to learn how Sophos’ new integration with Google Workspace can help defend against advanced attacks against your business-critical productivity tools. Detect and respond to threats targeting your Google Workspace environments…
Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet’s infrastructure was dismantled in April 2022. A new variant of the malware is said to have been in development since September 2023, Zscaler ThreatLabz said in an analysis published this month. “The new version of Zloader…
Some 45,000 Internet-exposed Jenkins servers remain unpatched against a critical, recently disclosed arbitrary file-read vulnerability for which proof-of-exploit code is now publicly available. CVE-2024-23897 affects the built-in Jenkins command line interface (CLI) and can lead to remote code execution on affected systems. The Jenkins infrastructure team disclosed the vulnerability, and released updated version software, on…
Thousands of students in New Jersey were unable to attend school Monday after a cybersecurity incident caused technical difficulties across the Freehold Township School District, administrators said. Superintendent of Schools Neal Dickstein sent an email to families late Sunday night announcing that classes were canceled for the entire district, which includes an early childhood learning…
The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. Vladimir Dunaev was extradited to the U.S. in October 2021. Dunaev, also known as FFX, was involved in the development of a browser injection module for…
Black Kite, the leader in third-party cyber risk intelligence, today unveiled the industry’s first monthly ransomware dashboard, featuring crucial insights for security teams, media, analysts, and other industry leaders. The resource provides data, graphs, trends, and key insights from Black Kite’s threat intelligence team about the top ransomware groups, their victims, and attack patterns. Black…
Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what organizations can do to protect against threat actors using malicious OAuth apps to hide their activity…
A U.S. federal judge sentenced a Russian national to five years and four months in prison for his role in developing TrickBot malware, which is used to target businesses, schools and hospitals across the country. Vladimir Dunaev in the U.S. District Court for the District of Northern Ohio in December pleaded guilty to one count…
GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw can be exploited to hijack an account without any interaction. “An issue has been discovered in GitLab CE/EE…
Fresh malware targeting Apple users in the US and Germany is infecting Bitcoin and Exodus cryptowallet applications with a Trojan distributed through pirated software, according to Kaspersky researchers. The malware is delivered via cracked applications and can replace Exodus and Bitcoin cryptowallet applications installed on the user’s machine with infected versions that steal secret recovery…
Sophos MDR and Sophos XDR now integrate with Google Workspace
