Security researchers at NCC Group have created a new tool capable of launching a new type of Bluetooth Low Energy (BLE) relay attack that bypasses existing protections and mitigations.
Researchers Devise New Type of Bluetooth LE Relay Attacks
Iran-Linked OilRig APT Caught Using New Backdoor
The Iran-linked hacking group OilRig was observed using a new backdoor in an attack against a government official within Jordan’s foreign ministry, according to new research published this week.
BalkanID Raises $6M for Intelligent IGA Technology
BalkanID, a startup with ambitious plans to disrupt the Identity Governance and Administration (IGA) space, has banked $5.75 million in seed funding to help organizations find and remediate risky privileges across SaaS and public cloud infrastructure.
Email Security Vendors Score Billion-Dollar Valuations
Material Security, a startup jostling for space in the crowded email security market, has banked $100 million in new venture capital funding as investors continue to attach billion-dollar valuations to early stage cybersecurity vendors.
SaaS App Vanity URLs Can Be Spoofed for Phishing, Social Engineering
Vanity URLs offered by SaaS applications can be spoofed by malicious actors for phishing and social engineering, according to data security and analytics company Varonis.
Patch Tuesday: Microsoft Warns of New Zero-Day Being Exploited
Microsoft on Tuesday released critical software updates to fix at least 73 documented security flaws in the Windows ecosystem and warned that unknown attackers are already launching zero-day man-in-the-middle attacks.
Adobe Warns of ‘Critical’ Security Flaws in Enterprise Products
Software maker Adobe on Tuesday shipped patches to cover at least 18 serious security defects in multiple enterprise-facing products and warned that unpatched systems are at risk of remote code execution attacks.
GitHub Announces Mandatory 2FA for Code Contributors
Code hosting platform GitHub on Wednesday said it would make it mandatory for software developers to use at least one form of two-factor authentication (2FA) by the end of 2023.
US Gov Issues Security Memo on Quantum Computing Risks
National security memo warns that a quantum computing could jeopardize civilian and military communications, and defeat security protocols for most Internet-based financial transactions
Kaspersky Warns of Fileless Malware Hidden in Windows Event Logs
Threat hunters at Kaspersky are publicly documenting a malicious campaign that abuses Windows event logs to store fileless last stage Trojans and keep them hidden in the file system.
