• Researchers Uncover Flaws in Windows Smart App Control and SmartScreen

    Researchers Uncover Flaws in Windows Smart App Control and SmartScreen

    Cybersecurity researchers have uncovered design weaknesses in Microsoft’s Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft in Windows 11 to block malicious, untrusted, and potentially unwanted apps from being…

    Read More

  • Kazakh Organizations Targeted by ‘Bloody Wolf’ Cyber Attacks

    Kazakh Organizations Targeted by ‘Bloody Wolf’ Cyber Attacks

    Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT (aka Strigoi Master). “The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijack restricted data,” cybersecurity vendor BI.ZONE said in a new…

    Read More

  • 7 Important Considerations Before You Buy Smart Home Tech  

    7 Important Considerations Before You Buy Smart Home Tech  

    Smart homes seem like something straight out of a sci-fi movie. They have lights that respond to your voice commands and thermostats that auto-adjust. Not to mention robot vacuums that clean your floors while you relax. It’s all very tempting. But before you rush out and buy the newest gadget, there are some crucial considerations.…

    Read More

  • The Loper Bright Decision: How it Impacts Cybersecurity Law

    The Loper Bright Decision: How it Impacts Cybersecurity Law

    The Loper Bright decision has yielded impactful results: the Supreme Court has overturned forty years of administrative law, leading to potential litigation over the interpretation of ambiguous laws previously decided by federal agencies. This article explores key questions for cybersecurity professionals and leaders as we enter a more contentious period of cybersecurity law. Background What…

    Read More

  • Enhancing Incident Response Readiness with Wazuh

    Enhancing Incident Response Readiness with Wazuh

    Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and effective response, minimizing damage and restoring normal operations quickly. Challenges in incident

    Read More

  • Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

    Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

    A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol (CIP) programming and configuration commands. The flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS v3.1 score of 8.4. “A vulnerability exists in the affected products that allows a threat…

    Read More

  • DOJ and FTC Sue TikTok for Violating Children’s Privacy Laws

    DOJ and FTC Sue TikTok for Violating Children’s Privacy Laws

    The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform TikTok for “flagrantly violating” children’s privacy laws in the country. The agencies claimed the company knowingly permitted children to create TikTok accounts and to view and share short-form videos and messages with adults and others…

    Read More

  • Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

    Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

    Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers. Attack chains entail the exploitation

    Read More

  • APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

    APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

    A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike. It has…

    Read More

  • APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

    APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

    A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. “The campaign likely targeted diplomats and began as early as March 2024,” Palo Alto Networks Unit 42 said in a report published today, attributing it with…

    Read More