China-aligned APT is exploring new technology stacks for malicious tools
ESET researchers have analyzed MQsTTang, a custom backdoor that they attribute to the China-aligned Mustang Panda APT group. This backdoor is part of an ongoing campaign that …
Business-grade routers compromised in low-key attack campaign
An unknown threat actor has discreetly compromised business-grade DrayTek routers in Europe, Latin and North America, equipping them with a remote access trojan (dubbed …
Law enforcement teams score major win against DoppelPaymer ransomware gang
In a joint effort, the German Regional Police, Ukrainian National Police, Europol, Dutch Police, and FBI joined forces on February 28, 2023, to take down the masterminds …
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly …
6 cybersecurity and privacy Firefox add-ons you need to know about
In today’s digital age, cybersecurity and privacy have become major concerns for internet users. With the increase in cyber attacks and data breaches, it is vital to …
How to achieve and shore up cyber resilience in a recession
Today’s business leaders are grappling with two opposing challenges. On the one hand, present day global economic and recessionary pressures mean spending policies need to be …
Popular fintech apps expose valuable, exploitable secrets
92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, …
Week in review: LastPass breach, GCP data exfiltration, UEFI bootkit
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google Cloud Platform allows data exfiltration without a (forensic) trace …
New infosec products of the week: March 3, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Fastly, Forescout, ManageEngine, and Veeam Software. Forescout XDR enables …
Vulnerabilities of years past haunt organizations, aid attackers
Known vulnerabilities – those for which patches have already been made available – are the primary vehicle for cyberattacks, according to Tenable. The Tenable report …
Attackers are developing and deploying exploits faster than ever
While there was a reduction in the widespread exploitation of new vulnerabilities in 2022, the risk remains significant as broad and opportunistic attacks continue to pose a …
ML practitioners push for mandatory AI Bill of Rights
The AI Bill of Rights, bias, and operational challenges amid tightening budgets are pressing issues affecting the adoption of ML as well as project and initiative success, …