GitHub launches AI-powered auto-healing tool to assist developers in fixing security flaws

March 21, 2024PressroomMachine Learning/Software Security GitHub announced on Wednesday that it will make a feature called Code Scan AutoFix available in public beta to all Advanced Security customers to provide…

NIST’s Vuln database undergoes downsizing, raising questions about its future

Since 2005, the National Vulnerability Database (NVD) has published details on the hundreds of Common Vulnerabilities and Exposures (CVEs) discovered by security researchers around the world. But last month,…

AndroxGh0st malware targets Laravel apps to steal cloud credentials

March 21, 2024PressroomThreat/vulnerability information Cyber ​​security researchers have shed light on a tool called AndroxGh0st it is used to target Laravel applications and steal sensitive data. “It works by scanning…

How can we reduce threats from the IAB market?

Question: How can we prevent initial access brokers from selling access to our networks to any ransomware authors who want it? Ram Elboim, CEO of Sygnia: As ransomware continues to…

Russian Hackers Use TinyTurla-NG to Hack Systems of European NGOs

March 21, 2024PressroomThreat Intelligence/Malware The Russia-linked criminal actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) to install a backdoor called TinyTurla-NG. “The attackers…

Understanding the new frontiers in global conflicts

COMMENT: Over the past few decades, the nature of warfare between nations has evolved substantially with the integration of offensive cyber tactics. At the end of 2023, the head of…

Over 800 npm packages found with discrepancies, 18 exploitable for “obvious confusion”

March 21, 2024PressroomSoftware Security/Open Source New research has discovered over 800 packages in the npm registry that have discrepancies from registry entries, of which 18 were found to exploit a…

Using east-west network visibility to detect threats in later phases of MITRE ATT&CK

The Cybersecurity and Infrastructure Security Agency (CISA) calls “insufficient internal network monitoring” one of the 10 most common network misconfigurations this year. Indeed, network analysis and visibility (NAV)…

How to Accelerate Vendor Risk Assessments in the Age of SaaS Expansion

In today’s digital business environment, dominated by SaaS applications, organizations are increasingly dependent on third-party vendors for essential cloud services and software solutions. As more vendors and services are added…

After LockBit, ALPHV takedowns, RaaS startups embark on a recruiting drive

High-profile, name-brand ransomware takedowns are starting to have a real impact, sowing discord among hackers and causing big changes in the cyber underground. Governments in the United States and the…