The EU’s DORA regulation is in effect as of January 17, with mixed evidence around compliance levels among financial firms
Shopping for OT systems? A new CISA guide outlines OT cyber features to look for. Meanwhile, the U.S. government publishes a playbook for collecting AI vulnerability data. Plus, a White House EO...
2025-01-13 • Sekoia • Amaury G., Erwan Chevalier, Félix Aime, Maxime A. • vbs.hatvibe Open article on Malpedia
The federal government and multiple cybersecurity firms warned of a zero-day vulnerability in FortiGate firewalls that hackers are actively exploiting.
CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case. The post Threat Brief: CVE-2025-0282 and...
A breach of AT&T that exposed “nearly all” of the company's customers may have included records related to confidential FBI sources, potentially explaining the Bureau's new embrace of end-to-end...
An Otelier employee's workstation was infected with an infostealer, leading to compromise of their Jira credentials. The threat actor abused these to gain access to the Jira server, which...
The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in...
The North Korean office responsible for the scheme, Department 53, was created to funnel money back into the country’s weapons programs. The post Treasury sanctions North Korea over remote IT...
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee...
At least one key Republican told CyberScoop that he wasn’t happy about the last-minute nature of the EO. The post Biden cyber executive order gets mostly plaudits, but its fate is uncertain...
The U.S. Treasury Department said there are “thousands” of North Korean IT workers hired across the globe as part of the campaign and they use a variety of technology to hide their identities and...
Bill discusses how to find 'the helpers' and the importance of knowledge sharing. Plus, there's a lot to talk about in our latest vulnerability roundup.
The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up...
Middle East real estate scams are surging as fraudsters exploit online listings and bypassed due diligence checks
Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European user's...
Enzo Biochem said it settled a class action lawsuit related to a ransomware attack for $7.5 million and also is making upgrades to its data protection systems.
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app...
Star Blizzard, known to be part of Russia’s FSB, moved schemes to the messaging platform last November. The post Microsoft catches Russian state-sponsored hackers shifting tactics to WhatsApp...
Truth Social, launched by the Trump Media & Technology Group in 2022, has become a hotspot for scams like phishing and investment fraud
Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability,...
Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple...
A long-time partnership results in a useful roadmap for implementing Zero Trust
Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers...
The US President’s second cybersecurity Executive Order will impose stricter security standards on software providers
The best password managers provide security, privacy, and ease of use for a reasonable price. We tested the best ones to help you find what's best for your family.
ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems
A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. [...]
Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings. [...]
ASEC Blog publishes “Android Malware & Security Issue 3st Week of January, 2025”