threats Archives - Page 3 of 34 - Cyber Security Minute

Why the Culture Shift on Privacy and Security Means Today’s Data Looks Different

Issued by: Dark Reading

Over the past 15 years, several events have reshaped how we think about data — what it means from a business perspective and what rights individuals have regarding how their personal information is used. Data security governance undoubtedly will play a large role in the future; however, conversations are still in relatively early stages. In…

Malware & Threats

Killnet Gloats About DDoS Attacks Downing Starlink, White House

Issued by: Dark Reading

Killnet and its band of hacker collaborators are claiming they were able to pull off a trio of symbolic distributed denial-of-service (DDoS) attacks aimed at punishing some of the most critical supporters of Ukraine against the Russian invasion — Elon Musk’s Starlink satellite broadband service and the websites of the White House in the US…

Malware & Threats

Time to Get Kids Hacking: Our 2022 Holiday Gift Guide

Issued by: Dark Reading

Whether cybersecurity professionals, software developers, hardware tinkerers, or all of the above, hacker parents are some of the best “recruiters” for the future of tomorrow’s cyber workforce. If you’re one such pro seeking out a gift that’s not just fun but also gets your kid thinking like a hacker, we’ve got the gift guide for…

Malware & Threats

US Government Details Tools Used by APTs in Defense Organization Attack

Issued by: Security Week

The information was collected when CISA investigated the hacking of a defense industrial base organization’s enterprise network between November 2021 and January 2022. The investigation, conducted in collaboration with a third-party incident response firm, revealed that multiple threat groups had compromised the victim’s network and some of them had access for at least one year….

Vulnerabilities

15-Year-Old Python Vulnerability Present in 350,000 Projects Resurrected

Issued by: Security Week

The vulnerability in question is CVE-2007-4559, initially described as a directory traversal vulnerability in Python’s ‘tarfile’ module that could allow an attacker to remotely overwrite arbitrary files by convincing users to process specially crafted tar archives. The flaw was never properly patched and instead users were warned not to open archive files from untrusted sources….

Network Security

AMTSO Publishes Guidance for Testing IoT Security Products

Issued by: Security Week

The Guidelines for Testing of IoT Security Products cover the principles for testing security products for IoT, recommendations on setting up testing environments, the testing for specific security functionality, and performance benchmarking. The document encourages testers to focus on validating the end result and the performance of the provided protections and not to differentiate products…

Application Security, Software Security

The Makings of a Successful Threat-Hunting Program

Issued by: Dark Reading

Over the last few years, an influx of high-profile industry security issues (PDF) have placed offensive tactics among the top priorities for corporations to help mitigate the risk of a potential attack. With many companies opting to continue remote and hybrid working environments, potential security risks cannot go ignored or be left to chance, and…

Malware & Threats

Evasive ‘DarkTortilla’ Crypter Delivers RATs, Targeted Malware

Issued by: Security Week

Likely active since 2015, DarkTortilla was designed to keep malicious payloads hidden from detection software, and was previously seen delivering remote access trojans (RATs) and information stealers – AgentTesla, AsyncRat, NanoCore, and RedLine – as well as targeted payloads such as Cobalt Strike and Metasploit. Highly configurable and complex, the crypter can also be used…

Malware & Threats

Ransomware is not going anywhere: Attacks are up 24%

Issued by: Help Net Security

Avast released a report revealing a significant increase in global ransomware attacks, up 24% from Q1/2022. Researchers also uncovered a new zero-day exploit in Chrome, as well as signals how cybercriminals are preparing to move away from macros as an infection vector. Ransomware attacks increase After months of decline, global ransomware attacks increased significantly in…

Malware & Threats

LofyLife: malicious packages in npm repository | Kaspersky official blog

Issued by: Kaspersky Blog

Open-source code is a blessing for the IT industry — it helps programmers save time and build products faster and more efficiently by eliminating the need of writing repetitive common code. To facilitate this knowledge sharing, there are repositories — open platforms where any developer can publish their own packages with their code to speed…