Zyxel firewalls under attack by Mirai-like botnet
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CV.....»»
Stratascale acquires Vector0 to strengthen its cybersecurity services
Stratascale, an SHI company, announced the acquisition of Vector0, an Attack Surface Management (ASM) provider. Through the acquisition, Stratascale professionals and their customers gain visibility of attack vectors and points of vulnerability, enha.....»»
Zyxel announces WiFi 6-enabled security firewalls for small- and medium-sized business networks
Zyxel Networks announced the addition of WiFi 6-enabled security firewalls to its ZyWALL USG FLEX 100 firewall series. Zyxel’s new USG FLEX 100AX Firewall supports WiFi 6 (802.11ax) to provide wired and wireless solutions that deliver holistic secu.....»»
3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone
Apple patches 3 zero-days after they were used in a sophisticated attack. Enlarge (credit: Getty Images) Apple has patched a potent chain of iOS zero-days that were used to infect the iPhone of an Egyptian presidential c.....»»
An inside look at NetSPI’s impressive Breach and Attack Simulation platform
In this Help Net Security interview, Scott Sutherland, VP of Research at NetSPI, delves into the intricacies of their Breach and Attack Simulation (BAS) platform and discusses how it offers unique features – from customizable procedures to adva.....»»
New malware strain stealing business data from Intel Macs
Malware called "MetaStealer" is being used by hackers to attack businesses and to steal data from Intel-based Macs, with techniques including posing as legitimate app installers.Malware attacks against macOS continue to be a problem, with users being.....»»
Enterprises persist with outdated authentication strategies
Despite authentication being a cornerstone of cybersecurity, risk mitigation strategies remain outdated, according to new research from Enzoic. With the attack surface expanding and the increasing sophistication of cyber threats, organizations are st.....»»
Five ways that college campuses benefit from diversity, equity and inclusion programs
For more than half a century, colleges and universities have relied on dedicated programs to attract students of color and support them. Today, those programs—known as diversity, equity and inclusion, or DEI, programs—are under attack......»»
MGM Resorts: Slot machines go down in cyber-attack on firm
Customers also report problems with payments and check-in as IT systems go down at MGM Resorts' hotels......»»
Slot machines go down in cyber-attack on MGM Resorts
Customers also report problems with payments and check-in as IT systems go down at the group's hotels......»»
Microsoft Teams users targeted in phishing attack delivering DarkGate malware
A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers. Delivering malware to Microsoft Teams users Late last month, Truesec researchers spotted two compromised Mi.....»»
The blueprint for a highly effective EASM solution
In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management (EASM) solutions, the essential capabilities an EASM solution should possess.....»»
CISOs and board members work more closely than ever before
73% of board members believe they face the risk of a major cyber attack in the next 12 months, a notable increase from 65% in 2022, according to Proofpoint. Likewise, 53% feel unprepared to cope with a targeted attack, up from 47% the previous year......»»
Cisco security appliance 0-day is under attack by ransomware crooks
With no patch available yet, users must enable workarounds. The best: enforce MFA. Enlarge / Cisco Systems headquarters in San Jose, California, US, on Monday, Aug. 14, 2023. Cisco Systems Inc. is scheduled to release earnings fi.....»»
75% of education sector attacks linked to compromised accounts
69% of organizations in the education sector suffered a cyberattack within the last 12 months, according to Netwrix. Phishing and account compromise threaten the education sector Phishing and user account compromise were the most common attack paths.....»»
New infosec products of the week: September 8, 2023
Here’s a look at the most interesting products from the past week, featuring releases from CyberSaint, Ghost Security, Hornetsecurity, NTT Security Holdings, and TXOne Networks. Reaper: Open-source reconnaissance and attack proxy workflow automatio.....»»
Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)
Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any inte.....»»
Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)
A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found.....»»
Musk shut off Starlink to prevent Ukraine attack on Russian ships, report says
New details on how Musk thwarted Ukraine's submarine drone attack near Crimea. Enlarge / Starlink satellite dish seen on September 25, 2022, in Izyum, Kharkiv region, amid the Russian invasion of Ukraine. (credit: Getty Images |.....»»
Malicious Google ads deceive Mac users into installing Atomic Stealer malware
A macOS malware discovered in April has found a new vector of attack, with people searching for software on Google finding malware presented as legitimate ads.Google search can turn up malicious adsThe malware payload known as Atomic macOS Stealer (A.....»»
Reaper: Open-source reconnaissance and attack proxy workflow automation
Reaper is an open-source reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and building universally distributable workflows. Reaper is a work in pr.....»»