The increasing problem of leaked credentials is becoming a critical issue for businesses, particularly with non-human identities (NHIs) like microservices and Kubernetes workloads, which now outnumber human identities 45:1. Research by GitGuardian and CyberArk reveals that 79% of IT decision-makers have experienced secrets leaks, with over 12.7 million hardcoded credentials …
A recent report from cybersecurity firm Infoblox highlights a long-standing yet underappreciated threat: Sitting Ducks attacks. Over the past five years, tens of thousands of domains, including those belonging to well-known brands, non-profits, and government entities, have been hijacked due to vulnerabilities in DNS ownership verification. Alarmingly, this issue has …
The city of Sheboygan, Wisconsin, is grappling with a significant cybersecurity incident after hackers demanded a ransom following unauthorized access to its network. This cyberattack, which began in late October, has led to widespread technology outages impacting city operations. City officials have isolated parts of the network and are collaborating …
The cybersecurity agencies within the Five Eyes alliance — the U.S., U.K., Australia, Canada, and New Zealand — have issued an urgent advisory on a troubling trend: cyber actors are now more frequently exploiting zero-day vulnerabilities to penetrate networks. This marks a shift from recent years when attackers predominantly targeted …
Cybercriminals are now leveraging ZIP file concatenation to deliver malware undetected, exploiting the way ZIP parsers process these combined files. This tactic, identified by researchers at Perception Point, was used in a phishing scheme where hackers hid a trojan within a seemingly harmless compressed file attachment. How ZIP File Concatenation …
Recent research has uncovered critical vulnerabilities in Mazda’s infotainment system, Mazda Connect, posing potential security risks for vehicles. Trend Micro’s Zero Day Initiative (ZDI) has identified multiple flaws within Mazda Connect’s Connectivity Master Unit (CMU), which could allow attackers to execute unauthorized code with root access, thereby taking over the …
This week, the SonicWall Capture Labs threat research team uncovered a new ransomware strain named GoZone, which employs particularly coercive tactics to extract payments from its victims. Unlike traditional ransomware that merely encrypts files, GoZone takes a more sinister approach by accusing victims of possessing explicit content on their computers. It …
Over 200,000 SelectBlinds customers who shopped for blinds or window treatments in 2023 may have had their personal and payment information stolen in a recent cyber attack. Hackers embedded malware on the retailer’s website, allowing them to scrape sensitive data from the checkout page, including usernames, passwords, addresses, emails, phone …
Ransomware attacks are becoming a significant threat to critical infrastructure, with financial impacts soaring up to $1 million per incident. A survey conducted by Claroty, which involved 1,100 security professionals in sectors such as chemical manufacturing, healthcare, and energy, revealed that 45% of organizations suffered financial losses exceeding $500,000 due …
Businesses of all sizes face growing complexities in managing IT infrastructure and protecting against cybersecurity threats. When deciding how to manage these responsibilities, two of the most common options are partnering with a Managed Service Provider (MSP) or a Managed Security Service Provider (MSSP). While these two providers may seem …
