New Windows Themes zero-day gets free, unofficial patches
Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM…
Building Resilience: A Post-Breach Security Strategy for Any Organization
In the wake of a recent breach that compromised sensitive information, a healthcare organization sought my guidance on how to…
Innovator Spotlight: Cloud Range
by Dan K. Anderson CEO, CISO, and vCISO The cybersecurity landscape is rapidly evolving, and so are the tactics of…
Windows ‘Downdate’ Attack Reverts Patched PCs to a Vulnerable State
Windows 11 machines remain open to downgrade attacks, where attackers can abuse the Windows Update process to revive a patched…
New Windows Driver Signature bypass allows kernel rootkit installs
Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully…
Russia’s APT29 Mimics AWS Domains to Steal Windows Credentials
Kremlin intelligence carried out a wide-scale phishing campaign in contrast to its usual, more targeted operations.
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals…
Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy…
EDRSilencer red team tool used in attacks to bypass security
A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute…
OpenAI confirms threat actors use ChatGPT to write malware
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation,…