Equilend Warns Employees Their Data Was Stolen By Ransomware Gang
New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was...
Tuta Mail Adds New Quantum Resistant Encryption To Protect Email
Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. Tuta...
BianLian Threat Actor Shifts Focus to Extortion-Only Tactics
The BianLian threat actor has been observed shifting toward extortion-only activities, according to recent findings by GuidePoint’s Research and Intelligence...
Magnet Goblin Exploits Ivanti Vulnerabilities
Security researchers have uncovered a trend involving the exploitation of 1-day vulnerabilities, including two in Ivanti Connect Secure VPN. The flaws,...
CISA: VMware Releases Security Advisory for Multiple Products
VMware Releases Security Advisory for Multiple Products VMware released a security advisory to address multiple vulnerabilities in ESXi, Workstation, Fusion,...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Releases Three Industrial Control Systems Advisories
CISA Releases Three Industrial Control Systems Advisories CISA released three Industrial Control Systems (ICS) advisories on March 5, 2024. These...
CISA: CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices
CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices Today, CISA and the National Security Agency (NSA)...
CISA: Apple Releases Security Updates for iOS and iPadOS
Apple Releases Security Updates for iOS and iPadOS Apple released security updates to address vulnerabilities in iOS and iPadOS. A...
CISA: Apple Released Security Updates for Multiple Products
Apple Released Security Updates for Multiple Products Apple released security updates to address vulnerabilities in Safari, macOS, watchOS, tvOS, and visionOS....
CISA: CISA Releases One Industrial Control Systems Advisory
CISA Releases One Industrial Control Systems Advisory CISA released one Industrial Control Systems (ICS) advisory on March 7, 2024. These...
CISA: CISA Adds One Known Exploited JetBrains Vulnerability, CVE-2024-27198, to Catalog
CISA Adds One Known Exploited JetBrains Vulnerability, CVE-2024-27198, to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities...
CISA: Cisco Releases Security Updates for Secure Client
Cisco Releases Security Updates for Secure Client Cisco released security updates to address vulnerabilities in Cisco Secure Client and Secure...
Microsoft Incident Response lessons on preventing cloud identity compromise
Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in...
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a...
Financially motivated threat actors misusing App Installer
Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and...
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server
Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix...
Star Blizzard increases sophistication and evasion in ongoing attacks
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star...
Threat actors misuse OAuth applications to automate financially driven attacks
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for...
Midnight Blizzard: Guidance for responders on nation-state attack
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our...
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern...
Staying ahead of threat actors in the age of AI
Over the last year, the speed, scale, and sophistication of attacks has increased alongside the rapid development and adoption of...
Join us at InfoSec Jupyterthon 2024
Jupyter notebooks are continuing to grow in popularity in information security as an alternative or supplement to mainstream security operations...
