Akira Ransomware Actors Exploit SonicWall Bug for RCE
CISA has added CE-2024-40766 to its Known Exploited Vulnerabilities catalog.
How to defend against brute force and password spray attacks
While not very sophisticated, brute force password attacks pose a significant threat to an organization's security. Learn more from Specops…
New Voldemort malware abuses Google Sheets to store stolen data
A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating…
Why Identity Teams Need to Start Reporting to the CISO
Identity management sits with IT for good reason, but now that identity is the common denominator in every attack, it's…
Stealthy ‘sedexp’ Linux malware evaded detection for two years
A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included…
Hackers now use AppDomain Injection to drop CobaltStrike beacons
A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can…
Local Networks Go Global When Domain Names Collide
The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft…
Qilin ransomware now steals credentials from Chrome browsers
The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in…
Are you blocking “keyboard walk” passwords in your Active Directory?
A common yet overlooked type of weak password are keyboard walk patterns. Learn more from Specops Software on finding and…
GitHub Actions artifacts found leaking auth tokens in popular projects
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens…