Jun 18, 2024NewsroomMalware / Cybercrime Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. “Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex…
Read More
Kyle Hanslovan tells CRN that the funding round—which more than doubles Huntress’ valuation to surpass $1.5 billion—will boost the company’s R&D and M&A efforts with a focus on key segments for partners. Huntress announced Tuesday it has raised $150 million in funding to accelerate its expansion into new product segments, as part of a drive…
Read More
Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA). Despite economic instability and major job cuts in 2023, organizations…
Read MoreRethinking Democracy for the Age of AI There is a lot written about technology’s threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st century. They don’t…
Read More
CCSP certification Certified Cloud Security Professional (CCSP) is a cloud-focused security certification for experienced security pros responsible for applying best practices to cloud security architecture and design. CCSP is offered by the International Information System Security Certification Consortium (ISC2), a nonprofit focused on training and certifying cybersecurity professionals. CCSP was rolled out at RSA in…
Read More
Jun 18, 2024NewsroomVulnerability / Cryptojacking Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included among the tools deployed is a remote access tool that’s capable of downloading and executing more malicious programs as well as a utility to…
Read More
Data breaches become more likely when attackers capture abandoned files, including personal information, financial records, or confidential business data, Vibert says. “These forgotten or unmanaged pieces of data often lack strong protection, making them attractive targets.” Furthermore, stale data can equip cybercriminals with valuable historical information, enabling them to craft more convincing phishing emails or…
Read More
How to Recover from Ransomware Attack Incidents: What You Need to Know No business wants to fall victim to a ransomware attack. But in the event that last lines of defense do fail, it’s vital that companies have the right processes and technologies on hand to recover from any downtime, secure their systems from infection…
Read More
A US court has found a Nigerian national guilty of charges related to a US $1.5 million business email compromise (BEC) scam and could face the rest of his life in prison as a consequence. 35-year-old Ebuka Raphael Umeti was convicted last week by a federal jury in Alexandria, Virginia, for operating a scheme that…
Read More
Jun 18, 2024NewsroomNetwork Security / Vulnerability VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows – CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) – Multiple heap-overflow vulnerabilities in the implementation…
Read More