April 28, 2024 | Pressroom | Credential stuffing/data breach
Identity and access management (IAM) provider Okta has warned of a spike in the “frequency and scope” of credential stuffing attacks targeting online services. These…
Category: Cyber Security
Disruption of the leading phishing-as-a-service platform: Safe Week with Tony Anscombe
Video | April 26, 2024
The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into providing their sensitive data. One of the largest phishing-as-a-service (PhaaS) platforms…
J&J spinoff CISO on maximizing cybersecurity
As a longtime cybersecurity professional at Johnson & Johnson, Mike Wagner helped shape the Fortune 100 company’s security approach and security stack. Wagner recently became Kenvue’s first CISO, the spin-off…
Chip giants finalize specifications to build security into silicon
A consortium of major chipmakers has finalized the first version of Caliptra, a specification for adding zero-trust security features directly inside the silicon. The Caliptra 1.0 specification has hardware and…
Ukraine has been targeted by a cyberattack exploiting a 7-year-old Microsoft Office flaw
April 27, 2024 | Pressroom | Cyber attack/Malware
Cybersecurity researchers have uncovered a targeted operation against Ukraine that exploited a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The…
Palo Alto updates fix for highly critical firewall bug
Palo Alto Networks (PAN) is sharing updated remediation information regarding a highly critical vulnerability that is being actively exploited in the wild. The vulnerability, tracked as CVE-2024-3400, has a CVSS…
What exclusion looks like in cybersecurity
Most of us don’t want to be left out of work, especially if we’re looking to innovate, collaborate and make a meaningful impact in our role. Making connections with colleagues,…
Bogus npm packages used to trick software developers into installing malware
April 27, 2024 | Pressroom | Malware/software security
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a…
Intel uses hackathons to address hardware vulnerabilities
Since the first Hack@DAC hacking competition in 2017, thousands of security engineers have helped discover hardware-based vulnerabilities, develop mitigation methods, and perform root cause analysis of detected problems. Intel initially…
Thousands of Qlik Sense servers open to Cactus ransomware
Nearly five months after security researchers warned of the Cactus ransomware group exploiting a set of three vulnerabilities in the Qlik Sense data analytics and business intelligence (BI) platform, many…