Data Thieves Test-Drive Unique Certificate Abuse Tactic
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.
News
Magecart Campaign Hijacks 404 Pages to Steal Data
The novel technique helps hide the cybercriminal campaign's efforts to steal credit card information from visitors to major websites, and…
Addressing a Breach Starts With Getting Everyone on the Same Page
The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align.
Securely Moving Financial Services to the Cloud
Financial services organizations migrating applications to the cloud need to think about cloud governance, applying appropriate policies and oversight, and…
Protect AI Releases 3 AI/ML Security Tools as Open Source
NB Defense, ModelScan, and Rebuff, which detect vulnerabilities in machine learning systems, are available on GitHub.
A Frontline Report of Chinese Threat Actor Tactics and Techniques
Threat intel experts see a reduced focus on desktop malware as threat groups prioritize passwords and tokens that let them…
Reassessing the Impacts of Risk Management With NIST Framework 2.0
The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk.
Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event
Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business…
One-Click ‘Gnome’ Exploit Is a Supply Chain Risk for Linux OSes
An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link.
Badbox Operation Targets Android Devices in Fraud Schemes
Researchers believe that more than 70,000 Android devices may have been affected with preloaded Peachpit malware that was installed on…