Russian cyber spies hit NATO and EU organisations with new malware toolset
The APT29 espionage campaign is ongoing and the Polish military is urging potential targets to mitigate the risk.
Stories by Lucian Constantin
-
-
Why you should patch the Windows QueueJumper vulnerability immediately
A critical flaw in Microsoft Message Queuing Service is likely to be exploited as many organisations could be unaware that it is active.
-
Google launches dependency API and curated package repository with security metadata
With the two new services, Google aims to help minimise risk from malicious code in the software supply chain.
-
Iranian APT group launches destructive attacks in hybrid Azure AD environments
The threat group MERCURY has the ability to move from on-premises to cloud Microsoft Azure environments.
-
New Rorschach ransomware hits with unique features and very fast encryption
Researchers say the recently discovered strain raises the bar by automating some intrusion processes and moving very quickly compared to other attacks.
-
Hackers steal crypto assets by defeating 2FA with rogue browser extension
The Rilide malware tricks victims into revealing their second-factor authentication to withdraw cryptocurrency in the background.
-
Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem
Spyware vendors use a combination of zero-day exploits and known vulnerabilities. Google TAG researchers urge faster patching of mobile devices
-
APT group Winter Vivern exploits Zimbra webmail flaw to target government entities
Winter Vivern's campaign shows that threat actors can effectively take advantage of medium-severity vulnerabilities.
-
North Korean threat actor APT43 pivots back to strategic cyberespionage
The APT43 group is highly adept at using social engineering to target individuals and extract sensitive information.
-
Critical flaw in WooCommerce can be used to compromise WordPress websites
The vulnerability could allow unauthenticated administrative takeover of websites. WooCommerce has released an update.
-
Russian hacktivists deploy new AresLoader malware via decoy installers
The new malware loader can give attackers remote access and the ability to deliver other payloads.
-
Critical flaw in AI testing framework MLflow can lead to server and data compromise
The now-patched vulnerability in the popular MLflow platform could expose AI and machine-learning models stored in the cloud and allow for lateral movement.
-
55 zero-day flaws exploited last year show the importance of security risk management
Cybercriminals are now exploiting zero-day vulnerabilities for higher profits, which might require a reassessment of your risk.
-
Two Patch Tuesday flaws you should fix right now
Vulnerabilities affecting both Outlook for Windows and Microsoft SmartScreen were patched recently — both could have wide-ranging impact.
-
DNS data shows one in 10 organisations have malware traffic on their networks
Akamai report highlights how widespread malware threats remain, noting the dangers of threats specific to DNS infrastructure.
Events
ARN Innovation Awards 2023
Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.
Brand Post
Partnering Observability for Sustainable Healthcare IT
Sponsored By
