Zimbra RCE Bug Under Active Attack
A flaw in unpatched Zimbra email servers could allow attackers to obtain remote code execution by pushing malicious files past filters.
Cyber NewsUkraine Enhances Cooperation With EU Cybersecurity Agencies
Ukraine looks to enhance European integration with ENISA special partner status
Cyber NewsIntel Confirms Source Code Leak
Cyber-criminals could use the leaked source code to help launch attacks
Cyber NewsEndor Labs offers dependency management platform for open source software
Endor Labs came out of stealth on Monday and launched its Dependency Lifecycle Management Platform, designed to ensure end-to-end security for open source software (OSS). The software addresses three key things—helping engineers select better dependencies, helping organizations optimize their engineering, and helping them reduce vulnerability noise. The platform scans the source code and offers feedback […]
Cyber NewsResearchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky
A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. “Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan,” Trend Micro disclosed in […]
Cyber NewsThermoSecure: Cracking Passwords Using Finger Heat on Keyboards is Now Possible
A group of researchers have guessed 100% of six-character passwords using this attack
Cyber NewsSerious Security: OAuth 2 and why Microsoft is finally forcing you into it
Microsoft calls it “Modern Auth”, though it’s a decade old, and is finally forcing Exchange Online customers to switch to it.
Cyber News6 Things Every CISO Should Do the First 90 Days on the Job
A CISO’s responsibilities have evolved immensely in recent years, so their first three months on the job should look a different today than they might have several years ago.
Cyber NewsNew Report Uncovers Emotet’s Delivery and Evasion Techniques Used in Recent Attacks
Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542), emerging in June 2014 as a banking trojan before morphing into an all-purpose loader in 2016 […]
Cyber News