Shipment-Delivery Scams a Fav Way to Spread Malware

Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads. Threat actors are increasingly using…

New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense

Need a blueprint for architecting a formidable cyber-defense? Kerry Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown. As we enter into a new year full of…

The Internet’s Most Tempting Targets

What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets. The number of exposed assets keeps climbing, but existing security strategies…

Linux and Container Security: Removing module dependencies

Bitdefender recently announced GravityZone Security for Containers, expanding our cloud workload security (CWS) by offering run-time support for containers and infrastructures with Linux kernel module (LKM) independence for the Bitdefender…

Box 2FA Bypass Opens User Accounts to Attack

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. A security hole in Box, the cloud-based…

Cybercriminals Actively Target VMware vSphere with Cryptominers

VMware’s container-based application development environment has become attractive to cyberattackers. Organizations running sophisticated virtual networks with VMware’s vSphere service are actively being targeted by cryptojackers, who have figured out how…

Critical ManageEngine Desktop Server Bug Opens Orgs to Malware

Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central…

Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign

A cloudy campaign delivers commodity remote-access trojans to steal information and execute code. Cyberattackers are abusing Amazon Web Services (AWS) and Azure Cloud services to deliver a trio of remote…

Here’s REALLY How to Do Zero-Trust Security

It’s not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey. Zero-trust is without a doubt the new buzzword of…

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score. Microsoft has addressed a total of 97 security vulnerabilities in its…