The US Cybersecurity and Infrastructure Security Agency (CISA) has warned federal agencies about an actively exploited zero-day vulnerability in Google’s Chrome browser.
Federal Agencies Instructed to Patch New Chrome Zero-Day
White House Proposes $10.9 Billion Budget for Cybersecurity
Checkmarx Finds Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks
Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of “hundreds of malicious packages” into the NPM ecosystem.
North Korea Gov Hackers Caught Sharing Chrome Zero-Day
Malware hunters at Google have spotted signs that North Korean government hackers are sharing zero-day browser exploits for use in waves of targeted attacks hitting U.S. news media, crypto-banks and IT organizations.
Achieving Positive Outcomes With Multi-Domain Cyber and Open Source Intelligence
Ransomware, Malware-as-a-Service Dominate Threat Landscape
Ransomware continues to expand with double-extortion now the standard; the malware-as-a-service model is now common; and criminals are increasingly ‘living off the land’, according to data from Red Canary.
A Sheep in Wolf’s Clothing: Technology Alone is a Security Facade
The power of the technology to defend our IT systems is only as good as our ability to evolve it in the face of ever-changing adversary tradecraft
‘Secrets Sprawl’ Haunts Software Supply Chain Security
A cybersecurity startup is warning of a major, unattended weak link in the software supply chain: the vexing problem of valuable corporate secrets — API keys, usernames and passwords, and security certificates — publicly exposed in corporate repositories.
‘Serpent’ Backdoor Used in Malware Attacks on French Entities
French organizations in the construction, government, and real estate sectors have been targeted with a new backdoor in a string of malware attacks, according to a warning from Proofpoint.
Italy Investigates Russia’s Kaspersky Antivirus Software
Italy’s data privacy watchdog said Friday it was investigating the “potential risks” that Russian antivirus software Kaspersky could be used to launch cyberattacks.
