Biztonsági szemle

Microsoft Entra ID support has been integrated by enterprise identity protection startup Semperis into its attack path management tool Forest Druid in a bid to better combat cybersecurity threats against on-premises Active Directory and cloud systems...

California Gov. Gavin Newsom has approved into law legislation that would enable the state's cybersecurity agency CAL-SIC to provide assistance to K-12 schools amid the growing prevalence of K-12 cyberattacks, reports CBS Bay Area.

The U.S. Environmental Protection Agency has withdrawn its guidance requiring cybersecurity audits for water utilities across the country following a lawsuit filed by Arkansas, Iowa, and Missouri and supported by trade groups that challenged the...

TechCrunch reports that French cloud gaming startup Shadow had its customers' personal data compromised in a data breach stemming from a social engineering attack against an employee last month.

Threat actors have targeted .NET developers with a malicious NuGet package typosquatting the Pathoschild.Stardew.ModBuildConfig deploying the SeroXen RAT, The Hacker News reports.

The Register reports that increased efforts by the Russian-speaking Everest ransomware gang to secure corporate network access, particularly from entities across the U.S., Canada, and Europe, suggest the operation's move to becoming an initial access...

Several hacking attempts have been deployed by North Korean state-sponsored threat groups APT37 and APT43, as well as other Reconnaissance General Bureau operations, against defectors' group head Lee Min-bok, Yonhap News Agency reports.

Asian governments, telcos impacted by ToddyCat-linked attack campaign Asian government entities and telecommunications providers, particularly those in Vietnam, Pakistan, Kazakhstan, and Uzbekistan, have been subjected to an ongoing malware attack...

Poorly secured Linux SSH servers have been subjected to attacks with the ShellBot distributed denial-of-service malware that involved the use of IP addresses modified into their hexadecimal form, reports The Hacker News.

Akira ransomware operation's massive remote encryption attack against an industrial organization in June has been circumvented with Microsoft Defender for Endpoint's user containment functionality, according to The Hacker News.

More tools leveraged by AvosLocker ransomware affiliates known for combining open-source and legitimate software in their operations have been detailed in an updated joint cybersecurity advisory from the Cybersecurity and Infrastructure Security...

The European Union's Cyber Resilience Act's requirement to disclose vulnerabilities within 24 hours of exploitation could potentially expose organizations to attacks from adversaries or government surveillance.