Threats

Microsoft’s Fix Fails to Patch ProxyNotShell RCE Flaws

After Microsoft published guidance on mitigating the two remote code execution flaws uncovered last week by Vietnamese security firm GTSC, it seems the mitigations Microsoft suggested weren’t as effe...

ZINC Hackers Leverage Open-source Software to Lure IT Pros

ZINC, a sub-group of the notorious North Korean Lazarus hacking group, has implanted malicious payloads in open-source software to infiltrate corporate networks, Microsoft's threat hunting team has r...

Symantec, GTSC Warn of Active Microsoft Exploits

Vietnamese security firm GTSC published a blog post this week warning of a new zero-day remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at lea...

Unpatched Python Library Affects More Than 300,000 Open Source Projects

Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. The researchers believe it could be used again...

Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

During a cyberattack, time is of the essence for both attackers and defenders. To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a ne...

Threat Group TeamTNT Returns with New Cloud Attacks

A retired threat actor has returned with new attacks aimed at the cloud, containers - and encryption keys. The Aqua Nautilus research team observed three attacks that appeared very similar to thos...

New Linux Malware Shikitega Can Take Full Control of Devices

AT&T Alien Labs has discovered a new Linux malware that can be used for highly evasive attacks, as the infection has been designed for persistence and runs on practically all kinds of Linux devic...

New GIFShell Attack Targets Microsoft Teams

A cybersecurity consultant has discovered a new attack chain that leverages GIF images in Microsoft Teams to execute arbitrary commands on the target’s machine. The exploit uncovered by Bobby Rauc...

CVSS Vulnerability Scores Can Be Misleading: Security Researchers

Vulnerability management systems based on the Common Vulnerability Scoring System (CVSS) v2 scoring system may be misguided, as a new report found that roughly half of the most critical vulnerabiliti...

Top Network Detection & Response (NDR) Solutions

In the race to offer comprehensive cybersecurity solutions, the product known as network detection and response (NDR) is a standalone solution as well as a central component of XDR. Whereas ol...

Latest articles