RAT malware campaign tries to evade detection using polyglot files
Operators of the StrRAT and Ratty remote access trojans (RAT) are running a new campaign using polyglot MSI/JAR and CAB/JAR…
$20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims
In the ad, cybercriminals are offering to sell employee-level access to Telegram, researchers warn.
Software Supply Chain Security Needs a Bigger Picture
SBOMs aren't enough. OpenSSF's Alpha-Omega brings in new blood to help secure the open source projects most impactful to the…
Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available
Unpatched Cisco bugs, tracked as CVE-2023-20025 and CVE-2023-20026, allow lateral movement, data theft, and malware infestations.
Securing the World’s Energy Systems: Where Physical Security and Cybersecurity Must Meet
Energy has become the new battleground for both physical and cyber security warfare, driven by nation-state actors, increasing financial rewards…
Kubernetes-Related Security Projects to Watch in 2023
Organizations must be vigilant about balancing performance gains with security, governance, and compliance as they expand their use of Kubernetes.
Rep. Nancy Mace files bill requiring Buttigieg to fly commercial until FAA, Southwest debacles resolved
Rep. Nancy Mace, R-S.C., has filed a bill that would require Transportation Secretary Pete Buttigieg to fly commercial until an…
Scattered Spider hackers use old Intel driver to bypass security
A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a…
Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL
The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL…
Identity Thieves Bypassed Experian Security to View Credit Reports
Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer…