Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution

05/01/2024 0 Comments 0 tags

Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers.

New Bandook RAT Variant Resurfaces, Targeting Windows Machines

05/01/2024 0 Comments 0 tags

A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware. Fortinet

Three Ways To Supercharge Your Software Supply Chain Security

04/01/2024 0 Comments 0 tags

Section four of the “Executive Order on Improving the Nation’s Cybersecurity” introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If

UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT

04/01/2024 0 Comments 0 tags

The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. “The group’s weapon of choice is Remcos

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners

04/01/2024 0 Comments 0 tags

Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages,

Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack

04/01/2024 0 Comments 0 tags

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As

DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation

03/01/2024 0 Comments 0 tags

The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

03/01/2024 0 Comments 0 tags

A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. “Threat

5 Ways to Reduce SaaS Security Risks

03/01/2024 0 Comments 0 tags

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

03/01/2024 0 Comments 0 tags

Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password