Week in review: MS Exchange zero-days exploited, AD attack paths, developing secure APIs
SpyCast: Cross-platform mDNS enumeration tool SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in …
Attackers use novel technique, malware to compromise hypervisors and virtual machines
Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts …
Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when …
New infosec products of the week: September 30, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Illumio, Malwarebytes, Netography, TransUnion, and Truecaller. TransUnion …
Top issues driving cybersecurity: Growing number of cybercriminals, variety of attacks
Fortifying cybersecurity defenses remains a work in progress for many organizations, who acknowledge their shortcomings but have yet to commit the necessary resources to the …
Are you inundated by a never-ending stream of cyberattacks?
Trellix released global research revealing the cost of siloed security, weak spots in protection, and lack of confidence amongst security operations teams. The study of 9,000 …
Office exploits continue to spread more than any other category of malware
The latest Internet Security Report from the WatchGuard Threat Lab shows a reduction in overall malware detections from the peaks seen in the first half of 2021, along with an …
65% of companies are considering adopting VPN alternatives
Despite high awareness of VPN risks, remote work forced many companies to rely more heavily on legacy access methods during the pandemic. At the same time, cybercriminals …
SpyCast: Cross-platform mDNS enumeration tool
SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in passive mode by only listening to multicast …
Data security trends: 7 statistics you need to know
U.S. businesses are at high risk for data security threats from increasingly effective phishing attempts and the lack of procedures to restrict data access, according to …
Multi-platform Chaos malware threatens to live up to its name
Chaos, new multipurpose malware written in the Go programming language, is spreading across the world. “We are seeing a complex malware that has quadrupled in size in just two …
The holy trifecta for developing a secure API
It’s hard to write good API specifications, and since most API gateways use them as IAC, they should be carefully checked for common mistakes. Writing an API that sticks …
Featured news
Resources
Don't miss
- The soft underbelly of space isn’t in orbit, it’s on the ground
- Privacy risks sit inside the ads that fill your social media feed
- Should AI access be treated as a civil right across generations?
- What cybersecurity leaders are reading to stay ahead
- Cisco email security appliances rooted and backdoored via still unpatched zero-day