Tag: network security
Penetration testing is a cornerstone of any mature security program and is a mature and well understood practice supported by robust methodologies, tools, and frameworks. The tactical goals of these engagements typically revolve around identification and exploitation of vulnerabilities in technology, processes, and people to gain initial, elevated, and administrative access to the target environment.…
Read More
Jun 04, 2024NewsroomVulnerability / Threat Intelligence Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates have been observed in version 6…
Read More
Jun 04, 2024NewsroomNetwork Security / Cryptocurrency The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an operating system (OS) command injection vulnerability that could…
Read More
‘CISOs that have been struggling with security and compliance tell us all the time that this is exactly what they need,’ says Aqueduct Technologies CTO Shane O’Brien. ‘This is a compliance game changer for customers.’ Aqueduct Technologies Chief Technology Officer Shane O’Brien is no longer surprised by the look of amazement he gets from CISOs…
Read More
Jun 03, 2024NewsroomMalware / Cybercrime Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, Veron over the past few years,…
Read More
Jun 03, 2024NewsroomSoftware Security / Supply Chain Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that’s designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a “logger for gulp and gulp…
Read More
Jun 03, 2024The Hacker NewsCyber Threat Intelligence Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the enterprise. Cato’s Cyber Threat Research Lab…
Read More
Jun 03, 2024NewsroomEndpoint Security / Vulnerability Now-patched authorization bypass issues impacting Cox modems that could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands. “This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could’ve executed commands and modified the…
Read More
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. The critical role of security testing within software development cannot be overstated. From protecting personal information to ensuring that critical infrastructure remains unbreachable,…
Read More
Jun 03, 2024NewsroomMalware / Cyber Attack The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. “Keylogger, Infostealer, and proxy tools on top of the backdoor were utilized for the attacks,” the…
Read More