Continuous Monitoring and Protection
Phishing emails are a weapon of choice for criminals intent on stealing people’s personal data and planting malware on their devices. The healing process does not end with antivirus scanning.
Read MoreThe U.S. government’s cybersecurity agency CISA on Monday confirmed the addition of Peiter ‘Mudge’ Zatko to its roster of prominent voices preaching the gospel of security-by-design and secure-by-default development principles. Zatko, most recently the CISO at Twitter who blew the whistle on the social media giant’s security shortcomings, is joining the agency in a part-time capacity to work on the “security and resilience by design” pillar of the Biden administration’s National Cybersecurity Strategy. A statement…
Read MoreJust days after shipping a major security update to correct vulnerabilities in its Aria Operations for Networks product line, VMWare is warning that exploit code has been published online. In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. The exploit code and root-cause analysis, released by SinSinology…
Read MoreESET research uncovers active campaigns targeting Android users and spreading espionage code through the Google Play store, Samsung Galaxy Store and dedicated websites
Read MoreIf you want to try to enter the world of VPNs with a small dip, then iCloud Private Relay is your friend — but is it a true VPN service? The devil is in the details.
Read MoreDomain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.…
Read MoreSecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…
Read MoreCyber intelligence firm EclecticIQ on Thursday announced the release of a free decryption tool to help victims of the Key Group ransomware recover their data without having to pay a ransom. Also known as keygroup777, Key Group is a Russian-speaking cybercrime actor known for selling personally identifiable information (PII) and access to compromised devices, as well as extorting victims for money. The group has been observed using private Telegram channels to communicate with members and…
Read MoreElon Musk said Thursday that his social network X, formerly known as Twitter, will give users the ability to make voice and video calls on the platform. Musk, who has a history of making proclamations about coming features and policies that have not always come to fruition, did not say when the features would be available to users. The company also updated its privacy policies that will allow for the collection of biometric data and…
Read MoreESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs
Read More