Insights, updates, and deep dives into cybersecurity, cloud technology, and AI innovation.

A recent study by cybersecurity firm Ironscales reveals that 40% of business email compromise (BEC) lures are now generated using artificial intelligence (AI), highlighting a significant shift in phishing tactics.

A company has reportedly paid a record-breaking $75 million ransom to the Dark Angels ransomware group, as disclosed in Zscaler's ThreatLabz 2024 Ransomware Report. This ransom, paid in early 2024, is nearly double the highest previously known payment.

Cybersecurity researchers have discovered that threat actors are exploiting Cloudflare's tunnel service, TryCloudflare, to deliver malware. This service, designed to create secure, private connections, is being misused to conceal command-and-control (C&C) infrastructure and evade traditional security measures.

Researchers have discovered a significant privilege escalation vulnerability in Google Cloud Platform's Cloud Functions, known as "ConfusedFunction." This flaw allows attackers to misuse the Default Cloud Build Service Account to access sensitive Google services such as Cloud Build, storage, and various registries.

After the Falcon update caused widespread IT outages, attackers quickly crafted phishing campaigns, posing as CrowdStrike support, to deliver malicious payloads. One notable campaign involves a fraudulent CrowdStrike recovery manual that installs the Daolpu info-stealer.

A recent update to CrowdStrike Falcon caused significant disruptions globally by crashing Windows systems. The update's faulty component led to numerous systems encountering boot loops or the Blue Screen of Death (BSOD).

Law enforcement has a powerful new tool in the fight against child sexual abuse material (CSAM). Researchers identified thousands of CSAM website users by analyzing information stolen by malware. This innovative approach involves cross-referencing stolen login credentials with known CSAM domains. By combining this with open-source intelligence (OSINT) gathered from publicly available information, researchers were able to link stolen credentials to real users.

Google is upping the ante on virtual machine security with the launch of kvmCTF, a new bug bounty program. This program specifically targets vulnerabilities within the KVM hypervisor, a technology fundamental to running virtual machines.

A recently discovered vulnerability in OpenSSH servers, designated CVE-2024-6387 and named regreSSHion, poses a significant security risk. This flaw could allow unauthorized actors to remotely execute code on vulnerable systems.