'

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US has been identified. The attack, known as the “Prince Ransomware,” utilizes a phishing scam that impersonates the British postal carrier Royal Mail. This campaign highlights the growing sophistication of cyber threats and the need for heightened vigilance among internet users. The … Read more

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of domains a Russian hacking group linked to the Federal Security Service (FSB) uses. This collaborative effort is critical in countering cyber threats targeting democratic institutions worldwide. Seizing Domains to Disrupt Cyberattacks In coordination with the DOJ, Microsoft’s Digital Crimes Unit (DCU) … Read more

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code. Cloud computing is the shared responsibility of the Cloud provider and the client who earn the service from the provider. Due to the impact of the infrastructure, Penetration Testingnot allowed in SaaS Environment. … Read more

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed “perfctl,” actively targeting millions of Linux servers worldwide. This malicious software exploits over 20,000 types of server misconfigurations, posing a significant threat to any Linux server connected to the internet. The malware’s stealthy nature and advanced evasion techniques make it particularly challenging to detect and mitigate. The … Read more

News alert: Doppler fortifies ‘secrets management’ with Change Requests auditable approval feature

San Francisco, Calif., Oct. 3, 2024, CyberNewswire — Doppler, the leading platform in secrets management, today announces the launch of Change Requests, a new feature providing engineering teams with a secure, auditable approval process for managing and controlling secret changes across environments. Designed to enhance security, compliance, and team collaboration, Change Requests gives organizations the … Read more

News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk

Singapore, Oct. 3, 2024, CyberNewswire — At DEF CON 32, the SquareX research team delivered a hard-hitting presentation titled Sneaky Extensions: The MV3 Escape Artists where they shared their findings on how malicious browser extensions are bypassing Google’s latest standard for building chrome extensions: Manifest V3 (MV3)’s security features, putting millions of users and businesses … Read more

Pixel’s Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems

Posted by Sherk Chung, Stephan Chen, Pixel team, and Roger Piqueras Jover, Ivan Lozano, Android team Pixel phones have earned a well-deserved reputation for being security-conscious. In this blog, we’ll take a peek under the hood to see how Pixel mitigates common exploits on cellular basebands. Smartphones have become an integral part of our lives, … Read more

Evaluating Mitigations & Vulnerabilities in Chrome

Posted by Alex Gough, Chrome Security Team The Chrome Security Team is constantly striving to make it safer to browse the web. We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security … Read more

News alert: Upcoming webinar highlights threat mitigation, fortifying ‘ASM’ with Criminal IP

Torrance, Calif., Oct. 3, 2024, CyberNewswire — An exclusive live webinar will take place on October 4th at noon Eastern Time (ET), demonstrating how Criminal IP’s Attack Surface Management (ASM) can help organizations proactively detect and mitigate cyber threats. The webinar will feature a Criminal IP ASM Live Demo, providing a comprehensive view of attack … Read more

Doppler Launches ‘Change Requests’ to Strengthen Secrets Management Security with Audited Approvals

Doppler, the leading platform in secrets management, today announces the launch of Change Requests, a new feature providing engineering teams with a secure, auditable approval process for managing and controlling secret changes across environments. Designed to enhance security, compliance, and team collaboration, Change Requests gives organizations the tools to mitigate the potential risks from misconfigurations … Read more

Millions of Enterprises at Risk: SquareX Shows How Malicious Extensions Bypass Google’s MV3 Restrictions

At DEF CON 32, the SquareX research team delivered a hard-hitting presentation titled Sneaky Extensions: The MV3 Escape Artists where they shared their findings on how malicious browser extensions are bypassing Google’s latest standard for building chrome extensions: Manifest V3 (MV3)’s security features, putting millions of users and businesses at risk. SquareX’s research team publicly … Read more

Webinar Announcement: Attack Surface Management to the Rescue – Find, Fix, Fortify Your ASM with Criminal IP

An exclusive live webinar will take place on October 4th at noon Eastern Time (ET), demonstrating how Criminal IP’s Attack Surface Management (ASM) can help organizations proactively detect and mitigate cyber threats. The webinar will feature a Criminal IP ASM Live Demo, providing a comprehensive view of attack surface visibility. As cyber threats continue to … Read more