A penetration test (also known as a pentest) is a security assessment that simulates the activities of real-world attackers to identify security holes in your IT systems or applications. The aim of the test is to understand what vulnerabilities you have, how they could be exploited, and what the impact would be if an attacker […]
Cyber News, Cyber Threat Trends
A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. “These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines,” Sucuri researcher Ben Martin said in a report published last week, calling it a “clever black hat SEO trick.” The search […]
Cyber News, Cyber Threat TrendsThreat actors claim they’ll destroy victims’ reputation if they don’t pay
Cyber News, Cyber Threat TrendsExecutive summary: Fortinet’s newest vulnerability, CVE-2022-40684, allowing for authentication bypass to manipulate admin SSH keys, unauthorized downloading of configuration files, and creating of super admin accounts, is put a big target on the back’s of unpatched and exposed Fortinet devices. An AT&T Managed Extended Detection and Response (MXDR) customer was involved in a true positive […]
Cyber News, Cyber Threat TrendsSomnia malware hijacks Telegram and VPN accounts
Cyber News, Cyber Threat TrendsCyber experts urge consumers to improve online safety
Cyber News, Cyber Threat Trends
A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to
Cyber News, Cyber Threat Trends
A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor’s infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that’s used to facilitate information theft. “What is noteworthy is data collection from […]
Cyber News, Cyber Threat Trends
ACM.110 CloudFormation is an amazing concept but it needs a little TLC This is a continuation of my series of posts on Automating Cybersecurity Metrics. In the last post we looked at adding a policy to our VPC Endpoint that provides access to CloudFormation via a private network (i.e. without traversing the Internet.) Add a Policy […]
Cyber News, Cyber Threat Trends