DevSecOps in the Azure Cloud

Many organizations are transitioning to a DevSecOps model, with closer collaboration between developers, security and operations teams from the onset of application development. There is a close connection between DevSecOps…

SolarWinds hackers set up phony media outlets to trick targets

Written by Tonya Riley May 3, 2022 | CYBERSCOOP The Russian hacking group behind the SolarWinds hack, Nobelium, is setting up new infrastructure to launch attacks using old tricks, researchers…

Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’

Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses. While they have good…

Here's how hackers used the Log4j flaw to gain access before moving across a company's network

A North Korean hacking and cyber-espionage operation breached the network of an engineering firm linked to military and energy organisations by exploiting a cybersecurity vulnerability in Log4j.  First detailed in…

Conti and Hive ransomware operations: What we learned from these groups' victim chats

As part of Cisco Talos’ continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs…

SECURITY ALERT: Active Golang-Written Botnet StealthWorker Infects Thousands of Websites via Distributed Brute-Force Attacks.

Heimdal™ Security’s SOC department together with other cybersecurity institutions have released an all-out advisory to its customer base, clients, users, and partners in regards to the activity of an emergent…

How To Safeguard Your Cryptocurrency Investments?

Once you invest in cryptocurrency, it is primarily important to secure your investments.  With rising numbers of cyber-attacks, chances of crypto theft have also soared nowadays. Reports suggest that almost…

Open-source security: It's too easy to upload 'devastating' malicious packages, warns Google

Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects.  The Package Analysis Project is one of the…

Hacking Group Moshen Dragon Targets Asian Telecommunication Companies

Moshen Dragon is a strong hacking organization that has the capacity to change its strategy based on the kind of defenses they are encountering. When it comes to sideloading malicious…

Threat Actors Sent Malicious Emails Using Google SMTP Relay Service

Cybercriminals conducting phishing attacks now take advantage of Google SMTP relay service to get around email security software and successfully send malicious email messages to their victims. A report from…