Social Engineering

Endpoint-based web and cloud security provider Dope Security has launched a new instant secure socket layer (SSL) error resolution feature on its secure web gateway (SWG) offering, Dope.swg. The new feature is added to simplify SSL inspection conducted by Dope’s SWG and helps admins bypass SSL errors generated as a result of the inspection. “Dope’s main differentiation is its ‘fly-direct’ architecture — rather than re-route all of your Internet traffic to a data center for…

Read More

A group of cybercriminals based in Israel has launched more than 350 business email compromise (BEC) campaigns over the past two years, targeting large multinational companies from around the world. The group stands out with some of the techniques it uses, including email display name spoofing and multiple fake personas in the email chains, and through the abnormally large sums of money the attempt to extract from organizations. “Like most other threat actors that focus…

Read More

A previously undocumented malware campaign called DownEx has been observed actively targeting government institutions in Central Asia for cyberespionage, according to a report by Bitdefender.  The first instance of the malware was detected in 2022 in a highly targeted attack aimed at exfiltrating data from foreign government institutions in Kazakhstan. Researchers observed another attack in Afghanistan. “The domain and IP addresses involved do not appear in any previously documented incidents, and the malware does not share any code similarities…

Read More

What’s a password manager? A password manager is a program that stores passwords and logins for various sites and apps, and generates new strong passwords when a user needs to change an old one or create a new account. Users can sign into a password manager with a single strong password or by using biometrics, and access all their login information. Most password managers allow users to sign in on multiple devices (including Macs, Windows…

Read More

Dell’s storage product lineup is set to receive a wide range of updates, including  devops integrations with the Ansible and Terraform tools, compliance with the latest US government security standards, zero trust readiness and more. PowerStore, Dell’s flash-based storage array line, is receiving the lion’s share of the security updates, according to a Dell announcement on Wednesday. Dell said that PowerStore now boasts STIG hardening, meaning that it is compliant with the federal government’s stanadards…

Read More

Microsoft fixed a new vulnerability this week that could be used to bypass defenses the company put in place in March for a critical vulnerability in Outlook that Russian cyberspies exploited in the wild. That vulnerability allowed attackers to steal NTLM hashes by simply sending specifically crafted emails to Outlook users. The exploit requires no user interaction. The new vulnerability, patched Tuesday and tracked as CVE-2023-29324, is in the Windows MSHTML Platform and can be…

Read More

Technology giant IBM has debuted a new set of tools and capabilities designed as an end-to-end, quantum-safe solution to secure organizations and governmental agencies as they head toward the post-quantum computing era. Announced at its annual Think conference in Orlando, Florida, Quantum Safe technology combines expertise across cryptography and critical infrastructure to address the potential future security risks that quantum computing poses, according to the company. IBM also unveiled the Quantum Safe Roadmap to guide…

Read More

Security agencies from five countries have issued a joint advisory revealing technical details about a sophisticated espionage tool used by Russian cyber actors against their targets. “Snake malware” and its variants have been a core component in Russian espionage operations carried out by Center 16 of Russia’s Federal Security Service (FSB) for nearly two decades, according to the security notice. Identified in infrastructure in over 50 countries across North America, South America, Europe, Africa, Asia,…

Read More

The use of digital twins — virtual representations of actual or envisioned real-world objects — is growing. Their uses are multifold and can be incredibly helpful, providing real-time models of physical assets or even people or biological systems that can help identify problems as or even before they occur. Grand View Research has predicted that the global digital twin market, valued at $11.1 billion in 2022, will grow at a 37.5% compound annual growth rate…

Read More

Ransomware remains one of the biggest cybersecurity threats that organizations and governments continue to face. However, hackers are engineering new ways to extract ransom from their victims as organizations take a conscious call to decline ransom payment demands. With the fall of the most notorious ransomware gang, Conti, in May 2022, it was assumed that ransomware attacks would see a major decline. However, Tenable found that 35.5% of breaches in 2022 were the result of a ransomware attack,…

Read More