RansomwareAkira takes in $42 million in ransom payments, now targets Linux serversSteve ZurierApril 19, 2024Security pros say threat actors gravitate towards Linux because it’s the OS of choice for many critical server functions.
Cloud SecurityMicrosoft finds Kubernetes clusters targeted by OpenMetadata exploitsLaura FrenchApril 18, 2024A cryptominer campaign leveraged five vulnerabilities in OpenMetadata to infect environments.
Vulnerability Management‘MadMxShell’ leverages Google Ads to deploy malware via Windows backdoorSteve ZurierApril 18, 2024Security pros say using Windows backdoor in a malvertising campaign could expose companies to other malware attacks.
Critical Infrastructure SecurityRussia’s Sandworm APT linked to attack on Texas water plantSimon HenderyApril 18, 2024The threat group is best known for its sustained campaign against Ukrainian targets and infrastructure.
Network SecurityBrute-force attacks surge worldwide, warns Cisco Talos Steve ZurierApril 17, 2024While a longstanding method, the scale and systematic execution of the attacks signify an escalation, security pros said.
RansomwareAtlassian Confluence Linux instances targeted with Cerber ransomware Laura FrenchApril 17, 2024Attackers exploited a critical vulnerability to create a new administrator account.
Application securityScammers offer cash to phone carrier staff to swap SIM cardsSimon HenderyApril 17, 2024T-Mobile and Verizon workers report receiving text messages offering them up to $300 for each illegal SIM swap they complete.
RansomwareRansomHub says Change Healthcare data now up for saleLaura FrenchApril 16, 2024The ransomware group posted screenshots of alleged insurer and patient information Monday.
RansomwareOmni Hotels confirms data compromise in apparent ransomware attack Steve ZurierApril 16, 2024Security pros say the hospitality sector represents a new attack vector for the Daixin Team ransomware gang.
IdentityCisco Duo customer MFA message logs stolen in supply chain hackSimon HenderyApril 16, 2024A social-engineering attack against one of the company’s telephony suppliers led to the breach.
In memoriam: Steven Young, respected CISO and former Cybersecurity Collaborative VPBill BrennerApril 19, 2024
How ADR – application detection and response – can become the ‘EDR for apps’Daniel Shechter April 19, 2024