Cyber Security

Ransomware Attacks are on the Rise

Infosec Insider Post Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Continue Reading

Can your iPhone be hacked? What to know about iOS security

Sorry, Readability was unable to parse this page for content.

Continue Reading

Microsoft Exchange Attacks: Zero-Day or New ProxyShell Exploit?

A cybersecurity company based in Vietnam has reported seeing attacks exploiting a new Microsoft Exchange zero-day vulnerability, but it may just be a variation of the old ProxyShell exploit. Vietnamese firm GTSC published a blog post this week to provide information and indicators of compromise (IoC) associated with an attack campaign leveraging what appear to […]

Continue Reading

Morgan Stanley fined millions for selling off devices full of customer PII

Morgan Stanley, which bills itself in its website title tag as the “global leader in financial services”, and states in the opening sentence of its main page that “clients come first”, has been fined $35,000,000 by the US Securities and Exchange Commission (SEC)… …for selling off old hardware devices online, including thousands of disk drives, […]

Continue Reading

Cisco Patches High-Severity Vulnerabilities in Networking Software

Cisco this week announced IOS and IOS XE software updates that address 12 vulnerabilities, including 10 high-severity security flaws. The bugs were resolved as part of Cisco’s semiannual bundle patches for its networking software, which it releases in March and September. With a CVSS score of 8.6, the most severe of the newly addressed issues […]

Continue Reading

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Infosec Insider Post Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Continue Reading

Uber and Rockstar – has a LAPSUS$ linchpin just been busted (again)?

The curious name LAPSUS$ made huge headlines in March 2022 as the nickname of a hacking gang, or, in unvarnished words, as the label for a notorious and active collective of cybercriminals: The name was somewhat unusual for a cybercrime crew, who commonly adopt handles that sound edgy and destructive, such as DEADBOLT, Satan, Darkside, […]

Continue Reading
wp-header-logo-26.png

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About […]

Continue Reading

Watering Hole Attacks Push ScanBox Keylogger

Infosec Insider Post Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Continue Reading

WhatsApp “zero-day exploit” news scare – what you need to know

For the last day or two, our news feed has been buzzing with warnings about WhatsApp. We saw many reports linking to two tweets that claimed the existence of two zero-day security holes in WhatsApp, giving their bug IDs as CVE-2022-36934 and CVE-2022-27492. One article, apparently based on those tweets, breathlessly insisted not only that […]

Continue Reading