Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. “This vulnerability is due to improper […]
Cyber News
Security Alert: Weak Credentials Behind Nearly 50% of All Cloud Attacks, New Google Report Finds Misconfigurations & Credential Mismanagement Plague Cloud Security in 2024 Hold onto your hats, folks, because Google’s latest report has dropped a bombshell about the state of cloud security, and it’s not pretty. If you thought your password “123456” was doing […]
Cyber Thoughts
Social media fuels conspiracies galore after Donald Trump is shot at a rally, cryptocurrency websites are hijacked after a screw-up at Squarespace, and our guest takes a close look at bottoms on Instagram. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley […]
Cyber News
Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People’s Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named “MiroTalk.dmg” that mimics the legitimate video call […]
Cyber News
6.8%, to be precise. From ZDNet: However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic. The scale of these attacks is staggering. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks. That total is nearly a third […]
Cyber News
What’s happened? A new strain of the HardBit ransomware has emerged in the wild. It contains a protection mechanism in an attempt to prevent analysis from security researchers. HardBit? I think I’ve heard of that before. Quite possibly. HardBit first emerged in late 2022, and quickly made a name for itself as it attempted to […]
Cyber News
Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning1 that SIM swap attacks are growing: gain control of the phone and earn a gateway […]
Cyber News
The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a security dodging tool known to be used by ransomware groups like AvosLocker, Black Basta, BlackCat, LockBit, and Trigona. “AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, […]
Cyber News
A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. “The first campaign […]
Cyber News