Cybersecurity researchers of CloudSEK uncover rise in Investment scams on Social media

Investment scams primarily operate through social media and messaging platforms like WhatsApp and Telegram. CloudSEK found a surge in malicious content on these platforms — over 29,000 fraudulent ads on Facebook and a 81,000 fake investment groups on WhatsApp. The report covers an in-depth report exposing a troubling rise in investment scams targeting individuals in…

Read More

Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack

Shockwaves from the Russian government’s hack of Microsoft’s corporate infrastructure continue to spread with news that the software giant is notifying surprised customers that their emails were also stolen by the Midnight Blizzard hackers. According to published reports, Redmond’s incident response team is providing a secure portal for customers to view specifics of emails stolen…

Read More

Intel Says No New Mitigations Required for Indirector CPU Attack

A team of researchers from the University of California San Diego has published a paper detailing a novel attack method targeting Intel CPUs. The chip giant says no new mitigations are required to address it.  The new attack, named Indirector, is similar to the well-known Spectre v2 or Spectre Branch Target Injection (BTI) attack.  These methods typically allow…

Read More

Aditya Birla Sun Life Insurance Appoints Santosh Sheshware as CISO

Santosh Sheshware has assumed the roles of Chief Information Security Officer and Head of Information Security at Aditya Birla Sun Life Insurance. This is a significant step towards enhancing the company’s cybersecurity framework. With over 17 years of experience in information security across prominent organizations like Bharti AXA Life, PNB MetLife, India Infoline group, HSBC,…

Read More

Water Sigbin Hackers Exploit Oracle WebLogic Vulnerabilities

Cybersecurity researchers uncovered a sophisticated attack campaign by the Water Sigbin (aka 8220 Gang) threat actor that exploited vulnerabilities in the Oracle WebLogic Server, notably CVE-2017-3506 and CVE-2023-21839, to deploy the XMRig cryptocurrency miner on compromised systems.   The attack begins with the threat actor exploiting the WebLogic vulnerabilities to execute a malicious PowerShell script on the victim…

Read More

Fortinet Acquires Unicorn Lacework to Enhance Cloud Security

Deal Integrates Lacework’s CNAPP into Fortinet’s Security Fabric and SASE Platform Fortinet extended a lifeline to troubled cloud security vendor Lacework, agreeing to purchase the late-stage startup that once earned the largest funding round in cybersecurity history. The Silicon Valley-based platform security vendor said the proposed acquisition of San Jose, California-based Lacework will enhance Fortinet’s…

Read More

Deepfakes, Fraudsters and Hackers Are Coming for Cybersecurity Jobs

Companies in the market for cybersecurity professionals could face a new method of attack, made harder to spot because of artificial intelligence: Hackers posing as job applicants. As cyber threats targeting U.S. companies multiply, some security leaders have increased scrutiny during hiring to weed out bad actors—or simply applicants with over-embellished resumes. Globally, the cyber…

Read More

Central cyber security agency warns users about vulnerabilities in Microsoft Edge

The Indian Computer Emergency Response Team has found multiple vulnerabilities in the Microsoft Edge browser. As per the agency, these vulnerabilities could potentially be exploited by an attacker to compromise the targeted system. After warning Android users of vulnerability, the Indian Computer Emergency Response Team (CERT-In), which operates under the Ministry of Electronics & Information…

Read More

Russian Hackers Claim Cyberattack on Spanish Defence Company

Santa Barbara Systems, a General Dynamics (GD.N) subsidiary in Spain that is refurbishing Leopard tanks for delivery to Ukraine, suffered a cyberattack on its website, a pro-Russia hacker group said. A spokesperson for General Dynamics confirmed that the defence contractor’s Spanish unit had been targeted in an attempted cyberattack “that was detected immediately and has not…

Read More

SANS-GIAC Workforce research report for yr 2024 ‘Hire, Retain Mid-level cyber security professionals

SANS-GIAC Workforce research report for the year 2024 is based on a first-of-its-kind survey that analyzed the cybersecurity workforce with the goal of identifying the key factors to successfully build high-performing cybersecurity teams. The report focuses on efforts to hire and retain mid-level cyber security professionals The survey results analysed in this report zero in…

Read More