A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. “Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims’ data and then
The U.K. Information Commissioner’s Office (ICO) has confirmed that professional social networking platform LinkedIn has suspended processing users’ data in the country to train its artificial intelligence (AI) models. “We are pleased that LinkedIn has reflected on the concerns we
Ukraine has restricted the use of the Telegram messaging app by government officials, military personnel, and other defense and critical infrastructure workers, citing national security concerns. The ban was announced by the National Coordination Centre for Cybersecurity (NCCC) in a
Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally,
In IT environments, some secrets are managed well and some fly under the radar. Here’s a quick checklist of what kinds of secrets companies typically manage, including one type they should manage: Passwords [x] TLS certificates [x] Accounts [x] SSH
An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks. Google-owned Mandiant is tracking the activity cluster
Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. “This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of
Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities (NHI) accounts have become one of the most targeted and compromised attack surfaces. Assessments report
Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress. “Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product’s default credentials,”
