Biztonsági szemle

Intrusions, which were noted by BleepingComputer and ID-Ransomware to have increased in prevalence since July 20, were reported by some victims to have resulted in device encryption following the execution of cracked software and key generators.

Deployed in an attack against a South American government's foreign ministry, the latest iteration of BITSLOTH has been integrated with 35 handler functions, as well as other enumeration, command-line execution, and discovery capabilities.

Attackers have been deploying BlankBot in the guise of utility apps, which when installed seek accessibility permissions for proper execution before performing an update that enables the acquisition of permissions for total device takeovers.

Aside from conducting the ongoing internet outage, which was proven by showing the takedown of most Iranian ministry websites, WeRedEvils also purported exfiltrating data from the impacted computer systems, which has already been given to the Israeli...

After conducting a DNS poisoning attack against the ISP, StormBamboo leveraged vulnerable HTTP software update mechanisms without digital signature validation to facilitate the installation of MACMA and MgBot malware to Windows and macOS systems.

Mark Weatherford, a seasoned cybersecurity professional with a distinguished career in both the public and private sectors, shares his perspectives on the evolving landscape of governance, risk management, and compliance (GRC).

Ultimately, a more cyber-secure world requires a global governing body to regulate and campaign for cybersecurity, with consistent regulatory requirements in the various regions around the world.

Cisco XDR turns one year old. Here is the backstory of how we developed relationships and alliances with “competitors” to have the open ecosystem of today.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-0824 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are...

The scheme, from the group also known as APT28, involves targeting Eastern European diplomats in need of personal transportation and tempting them with a purported good deal on a Audi Q7 Quattro SUV.

While bringing on an early-adopter security tool presents some risk for a CISO, it’s often a good choice for the right organization.

We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership with the Microsoft Security Response Center (MSRC)...