Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities (NHI) accounts have become one of the most targeted and compromised attack surfaces. Assessments report that compromised service accounts play a key role in lateral movement in over 70% of ransomware attacks. However, there's an … [Read more...] about Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected?
cyber security news today
New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide
Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett). The sophisticated botnet, dubbed Raptor Train by Lumen's Black Lotus Labs, is believed to have been operational since at … [Read more...] about New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide
Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense
Sep 17, 2024Ravie LakshmananBrowser Security / Quantum Computing Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, … [Read more...] about Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense
Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution
Sep 16, 2024Ravie LakshmananCloud Security / Vulnerability A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. "The … [Read more...] about Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability
Sep 14, 2024Ravie LakshmananEnterprise Security / Threat Intelligence Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. "An OS command injection … [Read more...] about Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
Sep 13, 2024Ravie LakshmananVirtual Reality / Vulnerability Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. "A novel … [Read more...] about Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
Sep 13, 2024Ravie LakshmananCyber Attack / Crime British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). "The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency … [Read more...] about 17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram
Sep 12, 2024Ravie LakshmananMobile Security / Financial Fraud Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting two-factor authentication (2FA) messages. Singapore-headquartered Group-IB, which discovered the … [Read more...] about New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
Sep 11, 2024Ravie LakshmananNetwork Security / Hacking The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to a new report by French … [Read more...] about Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub
The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub. "CosmicBeetle replaced its previously deployed ransomware, Scarab, with ScRansom, which is continually improved," ESET … [Read more...] about CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub