A recent report has disclosed that there has been a tremendous growth of 633% (year-over-year) in cyber-attacks on open-source repositories. This sharp rise goes viz-a-viz with the trend of a boom in the adoption of open-source repos among enterprises.
A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are already seen using the zero-day bug in ransomware attacks.
EnergyAustralia has become the latest company to be targeted by a cyber-attack, with hundreds of customers’ details exposed.
In a statement released late on Friday, the electricity company said 323 residential and small business customers were affected by unauthorised access to their online platform, My Account.
Cisco has published a heads-up for admins of Cisco Identity Services Engine solutions, about two vulnerabilities (CVE-2022-20822, CVE-2022-20959) that could be exploited to read and delete files on an affected device, and to execute arbitrary script or access sensitive information
The experts analyzed PoCs shared on GitHub for known vulnerabilities discovered in 2017-2021, some of these repositories were used by threat actors to spread malware.The experts pointed out that public code repositories do not provide any guarantees that any given PoC comes from a trustworthy source.
One of the most popular and sophisticated threats, LockBit (a RaaS group), has maintained its position of being a leader in ransomware threats. Each of its variants, namely LockBit 1.0, LockBit 2.0 and LockBit 3.0, has caused grave damage and impact during its malicious campaigns, and it continues to do so.
Researchers have observed a spike in cyberattacks by Deadbolt ransomware on NAS devices around the globe. With these attacks, it is extorting not just the end customers but the NAS vendors, such as QNAP.
The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems.
In the past few months, we’ve seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks. The recent Uber breach is just one example, but we see many campaigns circumventing 2FA on various platforms.
New cyber threats are identified practically every day. In order to stay ahead, it’s necessary for cybersecurity professionals to retrain often — Which is obviously time intensive and expensive. So we’re offering Infosec4TC Platinum Memberships this week at a severely discounted price so it’s easier than ever to keep abreast of the latest developments.
