Software Composition Analysis (SCA) is an important layer of security for modern business networks, as software developers increasingly rely on open source and commercial components. Open source coding has become a dominant…
Tag: ethical
Rising Demand for MSSPs
Managed Security Service Providers (MSSPs) have been helping companies operate more securely for some time, but demand for their services has skyrocketed due to digital transformation and the COVID-19 pandemic. It is…
Russian Hackers Conduct Complex Cyberattacks
A group of Russian hackers is alleged to have conducted a series of complex cyberattacks against U.S. government entities, private organizations, and individuals. The Washington Post has identified Cozy Bear, a Russian…
Cyberattacks escalate amid George Floyd protests
Following the death of George Floyd, protests have broken out across the United States and across the world, calling for reform in the police system. At the same time, hackers have launched…
Alloy Taurus: Espionage Evolution Continues
Alloy Taurus is a Chinese nation-state group that has been active since at least 2012, targeting telecom companies, financial institutions, and government entities. Recently, they have been linked to a campaign called…
Charming Kitten: Targeting Critical Infrastructure
Charming Kitten, an Iranian state-sponsored APT group, is actively targeting multiple victims in the United States, Europe, the Middle East and India with a novel malware called BellaCiao. Discovered by Bitdefender Labs,…
Evilextractor: Malware Disguised as Education
A new malware called Evilextractor is being marketed as an educational tool but is being used by threat actors to steal data and files from Windows systems. It contains several modules that…
Bumblebee Malware Targeting Corporate Software
A dangerous malware named Bumblebee is being distributed through Google ads and SEO poisoning that promote popular corporate software such as Citrix Workspace, Cisco AnyConnect, ChatGPT, and Zoom. Bumblebee is a malware…
Unix ‘sudo’ Vulnerability Discovered
Security researchers have discovered a vulnerability in the Unix-based “sudo” command, which allows users to execute commands with root privileges on a Unix-based system. The vulnerability, named CVE-2023–22809, affects sudo versions ≥…
Iran-Linked Group Attacks US Infrastructure
The Iranian government-linked actor, Mint Sandstorm, has been linked to a series of attacks on critical infrastructure in the US from late 2021 to mid-2022, according to the Microsoft Threat Intelligence team….