Cyber Security
Russian hackers exploiting Outlook bug to hijack Exchange accounts
Microsoft’s Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. […]
Read MoreDecember Android updates fix critical zero-click RCE flaw
Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug. […]
Read MoreOver 20,000 vulnerable Microsoft Exchange servers exposed to attacks
Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. […]
Read MoreJapan’s Space Program at Risk After Microsoft Active Directory Breach
The agency, known as JAXA, has shut down parts of its network as it conducts an investigation to discover the scope and impact of the breach.
Read MoreNorth Korea’s Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks
Threat actors from the Democratic People’s Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country.
“Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the regime’s
Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that it’s responding to a cyber attack that involved the active exploitation of Unitronics programmable logic controllers (PLCs) to target the Municipal Water Authority of Aliquippa in western Pennsylvania.
The attack has been attributed to an Iranian-backed hacktivist collective known as Cyber Av3ngers.
“Cyber threat
Okta Discloses Broader Impact Linked to October 2023 Support System Breach
Identity services provider Okta has disclosed that it detected “additional threat actor activity” in connection with the October 2023 breach of its support case management system.
“The threat actor downloaded the names and email addresses of all Okta customer support system users,” the company said in a statement shared with The Hacker News.
“All Okta Workforce Identity Cloud (WIC) and Customer
Police dismantle ransomware group behind attacks in 71 countries
In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries. […]
Read MoreThe Role of the CISO in Digital Transformation
A successful CISO should play a leading role in digital transformation and cloud migration initiatives in their organization. The CISO is responsible for making sure technical security controls are designed and implemented appropriately, and changes are properly managed, with security in mind from the very start.
Read MoreCyber Threats to Watch Out for in 2024
As cyber threats evolve in 2024, organizations must prepare for deepfakes, extortion, cloud targeting, supply chain compromises, and zero day exploits. Robust security capabilities, employee training, and incident response plans are key.
Read More