Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. “The vulnerabilities we found could have allowed attackers to access customers’ data…
Investment scams primarily operate through social media and messaging platforms like WhatsApp and Telegram. CloudSEK found a surge in malicious content on these platforms — over 29,000 fraudulent ads on Facebook and a 81,000 fake investment groups on WhatsApp. The report covers an in-depth report exposing a troubling rise in investment scams targeting individuals in…
Cybersecurity researchers uncovered a sophisticated attack campaign by the Water Sigbin (aka 8220 Gang) threat actor that exploited vulnerabilities in the Oracle WebLogic Server, notably CVE-2017-3506 and CVE-2023-21839, to deploy the XMRig cryptocurrency miner on compromised systems. The attack begins with the threat actor exploiting the WebLogic vulnerabilities to execute a malicious PowerShell script on the victim…
By Gregor Stewart, Vice President of Artificial Intelligence at SentinelOne The tech world has been abuzz surrounding AI for well over a year. Yet, beyond creating photo-realistic images that involve too many fingers, it remains unclear to the cybersecurity community how exactly this technology can be implemented to their benefit. Even more, how can it…
Recently Securitydive interacted with Shawn Loveland COO of Resecurity who emphasized the company’s commitment to making cybersecurity services accessible to everyday citizens who may not be fully aware of looming cyber threats. Loveland stated, “Cybercriminals often exploit the digital identities of children, women, and law-abiding individuals to commit cybercrimes and fraud, causing detrimental impacts on the…
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. The threat actors are using VBScript – a programming language used to automate tasks on Windows computers – to create a malicious script with previously unreported features to maximize the damage of the attack, Kaspersky Global Emergency Response team reports. The…
Amidst rising tensions with China in the South China Sea, Resecurity has observed a significant spike in malicious cyber activity targeting the Philippines in Q1 2024, increasing nearly 325% compared to the same period last year. The number of cyberattacks involving hacktivist groups and foreign misinformation campaigns has nearly tripled. In Q2 2024, this growth trajectory continues, with Resecurity observing multiple cyberattacks staged by previously unknown threat actors. These attacks are characterized by the…
The Department of Health and Human Services (HHS) has begun an initiative to better organize and equip its healthcare cyber security programs through a one-stop shop. This latest resource is created through the HHS Administration for Strategic Preparedness and Response (ASPR), which leads the US during disasters and public health emergencies relating to health and…
Cyviation, focuses on aircraft security and provides multiple layers of resilience ranging from fleet assessment and aircrew training to aviation security SIEM. The aim of the company is to remain focused on their mission and empower the aviation industry with robust defenses and proactive strategies. Providing cyber event management and intrusion detection for commercial aircraft…
URL protection is an advanced email security service rewrites all links in inbound email and scans the destination website in real-time when clicked by the user to ensure that suspicious websites are blocked, no matter which client or which device is being used. Google recently announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL…
