Iranian hackers are breaching critical infrastructure organizations to collect credentials and network data that can be sold on cybercriminal forums to enable cyberattacks from other threat actors. Government agencies in the U.S., Canada, and Australia believe that...
A US government contractor will settle claims it violated cyber security rules prior to a breach that compromised Medicare beneficiaries’ personal data. Virginia-based ASRC Federal Data Solutions (AFDS) signed a deal with the Justice Department this week...
The Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog on Oct. 15.The WHD flaw — CVE-2024-28987 (CVSS 9.1) —...
In this episode of The Security Podcasts featuring Kelly Johnstone, Senior Security Advisor at International SOS, we discuss the importance of taking a proactive stance against workplace violence. “Not only do we want our employees to feel safe at work, but we want...
BleepingComputer reports that more cyberattacks have involved the exploitation of the open-source red team tool EDRSilencer to evade endpoint detection and response tools.Aside from averting traffic from Microsoft Defender, SentinelOne, Cisco Secure Endpoint,...
The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data. ScarCruft (aka “APT37” or “RedEyes”) is a...
We employ cookies to guarantee an optimal experience on our website. For additional details, please refer to our privacy policy. By opting to utilize this site, you acknowledge and agree to our policy.OkPrivacy policy