Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process. In this post, we’ll explore hybrid attacks — what they are and the most common…

Read More

Oct 11, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices…

Read More

Oct 11, 2024Ravie LakshmananDevOps / Vulnerability GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of…

Read More

Oct 11, 2024Ravie LakshmananCybercrime / Dark Web The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world’s largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United…

Read More

The growing popularity of online marketplaces has attracted fraudsters preying on unsuspecting buyers and sellers, looking to score payment card information rather than to strike a bargain. ESET researchers have found that one such organized scammer network – which uses Telekopye, a toolkit discovered by ESET Research in 2023 – has expanded its operations to…

Read More

Ukraine’s cyber police have arrested a 28-year-old man who operated a massive virtual private network (VPN) service, allowing people from within the country to access the Russian internet (Runet). Runet is the portion of the internet that includes Russian sites on the “.ru” and “.su” top-level domains, including government sites, social media platforms, search engines, and…

Read More

Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. Code White security researcher Florian Hauser found that the security flaw, now tracked as CVE-2024-40711, is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit in…

Read More

With the new Databricks Apps partners and customers can rapidly build and deploy native applications for the Databricks Data Intelligence Platform that tap into the system’s data and leverages its data security and governance capabilities. Databricks is launching a public preview of Databricks Apps, a new set of development capabilities that the company says provides…

Read More

The chip designer says the Ryzen AI Pro 300 processors for AI-accelerated laptops combine leadership performance and efficiency with new enterprise-level security features such as Cloud Bare Metal Recovery as well as remote management and deployment capabilities. AMD is calling its newly launched Ryzen AI Pro 300 processors the “best AI PC platform” for businesses,…

Read More

We’re looking at startups founded in the past four years that have recently launched new offerings for cloud, data or identity security. As threat actors continue to move away from targeting endpoints as their main focus, attacks aimed at cloud environments and identity systems continue to surge. When it comes to identity, for instance, many…

Read More