Malware

Credential harvesting tool Legion targets additional cloud services

A commercial malware tool called Legion that hackers deploy on compromised web servers has recently been updated to extract credentials for additional cloud services to authenticate over SSH. The main goal of this Python-based script is to harvest credentials stored in configuration files for email providers, cloud service providers, server management systems, databases, and payment systems. These hijacked resources enable the attackers to launch email and SMS spam campaigns. “This recent update demonstrates a widening…


Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

Like most CSOs, Joe Sullivan was drawn to the role to help prevent cybercrimes. His role as CSO of Uber was something of a shift from his previous job prosecuting cybercriminals as an assistant US attorney, but closer to the tip of the cybersecurity spear. As a top-level professional in the business of defending against the bad guys, it was unexpected and not a little ironic that he would find himself on the other side…


Axiado releases new security processors for servers and network appliances

Security processor provider Axiado has announced the availability of two new trusted compute units (TCUs) to help detect ransomware and other cyberattacks on servers and infrastructure elements in cloud data centers, 5G networks, and network switches. Dubbed AX3000 and AX2000, these TCUs are AI-powered hardware security platform solutions that, the company says, integrate all security functions within a single system-on-chip (SoC) module. “Products such as Axiado’s TCU are important developments in the market, as they…


Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security

Infrastructure access management company Teleport has announced the release of Teleport 13, the latest version of its Teleport Access Platform. Teleport 13 features scanning and automatic patching of Teleport vulnerabilities to enhance security and reduce operational overhead for DevOps teams responsible for securing cloud infrastructure, the firm said. The solution aims to address the targeting of user credentials and other forms of secrets by attackers and is ideal for users that adopt the Teleport Open…


CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF)

Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence…


Think security first when switching from traditional Active Directory to Azure AD

What enforces your security boundary today? What will enforce it in the next few years? For many years, Microsoft Active Directory has been the backbone and foundation of network authentication, identity, and connection. But for many organizations moving to cloud applications or having a mixture of operating systems, the need for cloud-based network management is on the rise. Some firms are merely adding synchronization between on-premise networks and cloud environments and calling it a day.…


Meta fined $1.3B for violating EU GDPR data transfer rules on privacy

Meta has been fined $1.3 billion (€1.2 billion) by the Irish Data Protection Commission (DPC) for violating the terms of the EU’s GDPR by continuing to transfer EU users’ data to the US without adequate safeguards. Meta has failed to “address the risks to the fundamental rights and freedoms” of Facebook’s European users, the DPC said in a statement. In addition to the fine, Meta has been given five months to stop the transfer of…


Microsoft reports jump in business email compromise activity

Cybersecurity activity around business email compromise (BEC) spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit (DCU). The findings were highlighted in the latest edition of Microsoft’s Cyber Signals, a cyberthreat intelligence report that spotlights security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. “BEC attacks stand apart in the cybercrime industry for their emphasis on…


What cybersecurity professionals can learn from the humble ant

When an ant colony is threatened, individual ants release pheromones to warn of the impending danger. Each ant picking up the warning broadcasts it further, passing it from individual to individual until the full defenses of the colony are mobilized. Instead of a single ant facing the danger alone, thousands of defenders with a single purpose swiftly converge on the threat. This all happens without the need for direction from a central authority or guidance…


Legitimate-looking npm packages found hosting TurkoRat infostealer

Despite efforts taken in recent years to proactively monitor public software repositories for malicious code, packages that bundle malware continue to routinely pop up in such places. Researchers recently identified two legitimate-looking packages that remained undetected for over two months and deployed an open-source information-stealing trojan called TurkoRat.

Effective use of typosquatting on malicious npm packages

Attackers attempt to trick users into downloading malicious packages in several ways, and typosquatting is one of…
