Julien Maury Avatar
  • Hacker at computer

    Hackers Steal Session Cookies to Bypass Multi-factor Authentication

    Cyber attackers continue to up their game. One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). The new attack method, reported by Sophos researchers yesterday, is already growing in use. The “cookie-stealing cybercrime spectrum” is broad, the researchers wrote, ranging from “entry-level […]

  • Linux dirty cred

    New Linux Exploit ‘Dirty Cred’ Revealed at Black Hat

    A new Linux kernel exploitation called Dirty Cred was revealed at last week’s Black Hat security conference. Zhenpeng Lin, a PhD student, and a team of researchers worked on an alternative approach to the infamous Dirty Pipe vulnerability that affected Linux kernel versions 8 and later. Dity Pipe is a major flaw that allows attackers […]

  • cybersecurity

    CI/CD Pipeline is Major Software Supply Chain Risk: Black Hat Researchers

    Continuous integration and development (CI/CD) pipelines are the most dangerous potential attack surface of the software supply chain, according to NCC researchers. The presentation at last week’s Black Hat security conference by NCC’s Iain Smart and Viktor Gazdag, titled “RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise,” builds on previous work NCC […]

  • Manjusaka hacking tool

    Cobalt Strike Inspires Next-generation Crimeware

    Cobalt Strike is a legitimate vulnerability scanning and pentesting tool that has long been a favorite tool of hackers, and it’s even been adapted by hackers for Linux environments. And now it’s inspiring imitators. Cisco Talos researchers have disclosed a new toolset used in the wild by threat actors as an alternative to Cobalt Strike […]

  • macro security

    Hackers Find Alternatives to Microsoft Office Macros

    Hackers have been exploiting macros in Microsoft Office products for years, but now their tactics are changing as Microsoft has begun blocking macros by default. The typical attack scenario involves phishing via email attachments, such as Word, Excel or PowerPoint documents containing malicious macros infected with malware. Such documents are common in enterprises, and the […]

  • linux security

    New Linux Malware Surges, Surpassing Android

    Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system. The Atlas VPN report said the number of new Linux malware samples collected soared by 646% from the first half of 2021 to the first half of 2022, […]

  • network security

    How to Secure DNS

    The domain name system (DNS) is basically a directory of addresses for the internet. Your browser uses DNS to find the IP for a specific service. For example, when you enter esecurityplanet.com, the browser queries a DNS service to reach the matching servers, but it’s also used when you send an email. It is handy […]

  • lilith ransomware

    Lilith: The Latest Threat in Ransomware

    Discovered by malware hunter JAMESWT on Twitter, Lilith is ransomware designed to lock Windows machines. The malware exfiltrates data before encrypting the targeted devices to provide additional means of extortion. The ransom note contains the following ultimatum and instructions: Victims have three days to contact the threat actors on a hidden Onion website to pay […]

  • linux security

    New Highly-Evasive Linux Malware Infects All Running Processes

    Intezer Labs security researchers have identified a sophisticated new malware that targets Linux devices. Dubbed OrBit, the malware can gain persistence quickly, evade detection and hide its presence in network activity by manipulating logs. The module hooks functions called in shared libraries, which is pretty common for malware, but it also implements “advanced evasion techniques” […]

  • software security

    25 Most Dangerous Software Vulnerabilities & Flaws Identified by MITRE

    MITRE has released its latest list of the top 25 most exploited vulnerabilities and exposures found in software. The MITRE CWE list is different from the product-specific CVE lists from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other agencies and instead focuses on more generic software development weaknesses, similar to the OWASP list […]

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis