The Play ransomware group hit the Dutch maritime logistics company Royal Dirkzwager. Royal Dirkzwager is specialized in optimizing shipping processes and managing maritime and logistic information flows.
Minneapolis Public Schools on Friday notified parents that hackers who stole district data in a recent system breach released that information onto the dark web, where users are untraceable.
The exploitation of old vulnerabilities continues to be a major concern in the world of cybersecurity. Financially motivated hackers and APT threat actors have been found to be taking advantage of a three-year-old Telerik vulnerability, as revealed in a joint advisory from the CISA, the FBI, and MS-ISAC.
The cyber-research community raises concerns over a vulnerability that puts the Microsoft 365 suite at risk. Earmarked CVE-2023-23397, the vulnerability allows an unauthenticated threat actor to obtain the user’s credentials by passing along a crafted email package. Research suggests that the bug, which was formally attributed to a Microsoft Outlook component, has a high ‘wormability’ factor, in most instances the user interaction phase being no longer necessary.
The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload.
BianLian ransomware, an open-source ransomware first observed in July 2022, has shifted to a new operational tactic in the past few months. It is moving away from the encryption game to pressuring victims through legal and regulatory risks they may face as a result of the leak of their data.
The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets.
Facebook parent Meta has officially unveiled a ten-phase kill chain model that it believes will be more inclusive and more effective than the existing range of kill chain models. Cybersecurity theorists have long sought to understand the stages of an attack. The idea is simple: if you can recognize a stage in the attack process, you will be more able to disrupt the attack and protect your assets.
Investments in hardware, software, and services related to cybersecurity are expected to reach nearly $300 billion in 2026, driven by the ongoing threat of cyberattacks, the demands of providing a secure hybrid work environment, and the need to meet data privacy and governance requirements.