Russian hackers deliver malicious RDP configuration files to thousands
Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, …
CVE count set to rise by 25% in 2024
The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 …
Top passwords used in RDP brute-force attacks
Specops Software released a research analyzing the top passwords used in live attacks against Remote Desktop Protocol (RDP) ports. This analysis coincides with the latest …
Intruder dwell time jumps 36%
Sophos released the Active Adversary Playbook 2022, detailing attacker behaviors that Sophos’ Rapid Response team saw in the wild in 2021. The findings show a 36% increase in …
Verizon 2022 DBIR: External attacks and ransomware reign
There has been an alarming rise (13%) in ransomware breaches – a jump greater than the past 5 years combined, Verizon Business has revealed in its 2022 Data Breach …
Okta names contractor involved in Lapsus$ gang’s attack
Okta has released additional details about the security incident caused by the Lapsus$ gang, and has named the contractor involved: Sitel. What happened? “Like many SaaS …
Top threats for the financial sector
The potential financial, operational, and reputational impact of ransomware makes it the top threat facing financial services organizations, according to a report from …
March 2022 Patch Tuesday: Microsoft fixes RCEs in RDP client, Exchange Server
Microsoft marks March 2022 Patch Tuesday with patches for 71 CVE-numbered vulnerabilities, including three previously unknown “critical” ones and three …
SDP solutions are true ZTNA solutions: They trust no one
In this interview with Help Net Security, Alissa Knight, cybersecurity influencer and partner at Knight Ink, explains why organizations should switch to SDP as opposed to VPN, …
Log4j exploitation risk is not as high as first thought, cyber MGA says
When the Log4Shell vulnerability (CVE-2021-44228) was publicly revealed in December 2021, CISA Director Jen Easterly said that it is the “most serious” vulnerability she has …
End of 2021 witnessed an explosion of RDP brute-force attacks
RDP brute-force attacks continue to be one of the most used attack vectors for breaching enterprise networks, ESET’s latest Threat Report has revealed. RDP brute-force …
Zero trust isn’t just for IT, it can also protect targeted critical infrastructure
Gartner predicts that by 2025 cyber attackers will have weaponized OT environments to successfully harm or kill humans. Not only is a solution to secure OT assets imperative, …