Notícias

SolarWinds Blames Intern for ‘solarwinds123’ Password Lapse

As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.  The said password "solarwinds123" was originally believed to have been publicly accessible via a GitHub repository…

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. "The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt said in…

Why do companies fail to stop breaches despite soaring IT security investment?

Let's first take a look back at 2020! Adding to the list of difficulties that surfaced last year, 2020 was also grim for personal data protection, as it has marked a new record number of leaked credentials and PI data. A whopping 20 billion records were stolen in a single…

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions

Amid heightened border tensions between India and China, cybersecurity researchers have revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are…

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor's tactics by…

ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were…

REDES SOCIAIS

Formadores certificados