Breaking Down AI in Cybersecurity: Outcomes Matter Most As the cyber threat landscape evolves, incorporating generative AI into both attackers and defenders’ toolbox utils is increasing. Evaluating the effectiveness of AI-based security offerings has become a challenging task. Asking the right questions can be a guide in choosing appropriate AI-driven cybersecurity solutions. Generative AI: A
Read More
Here are the main points of this article: – 48 new malicious npm packages that can deploy a reverse shell on vulnerable systems have been discovered in the npm repository. – These packages, masquerading as legitimate files, contained obfuscated JavaScript which starts a revers shell when installed. This was reported by Phylum, a software supply
Read More
Cybersecurity Researchers Uncover Spyware-Infected WhatsApp Mods Main Points: Cybersecurity researchers discover CanesSpy, a spyware module, in several WhatsApp mods for Android. These modified versions of WhatsApp have been found on questionable websites advertising such software and various Telegram channels being used by Arabic and Azerbaijani speakers. One such Telegram channel reportedly has 2 million users
Read More
Malvertising Scam Leveraging Facebook Ads Main Points Hijacked Facebook business accounts are running fraudulent ads, often featuring “revealing photos of young women” as bait. The trick is to manipulate victims into downloading an upgraded variant of NodeStealer malware. Clicking on the deceptive ads instantly downloads a file package that contains a malicious .exe ‘Photo Album’
Read More
A Deep Dive into MuddyWater’s New Spear-Phishing Campaign MuddyWater Targets Israeli Entities – The Iranian nation-state cyber actor MuddyWater has been tied to a fresh spear-phishing campaign. This time, they have their eyes set on two Israeli entities. – MuddyWater is not adding any extra baggage to their devilish deeds, rather they are opting to
Read More
New SaaS Discovery and Risk Assessment Product: Free User Access Review Included Launch of a unique “freemium” model product combining SaaS discovery and risk assessment with a complimentary user access review. This novel product aims to streamline the process of SaaS usage security, currently a vital need in cloud-based organizations. By integrating various approaches and
Read More
Multiple Windows Drivers Vulnerable to Security Threats – The Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) have 34 unique vulnerabilities. – Threat actors without privileges could exploit these vulnerable drivers to gain full control over devices and run arbitrary code on underlying systems. – Exploiters could also modify or delete firmware and/or elevate
Read More
CVSS V4.0: High Fidelity Vulnerability Assessment Unveiled The Forum of Incident Response and Security Teams (FIRST) releases CVSS v4.0. It aims to provide the highest level of vulnerability assessment. This update comes eight years after CVSS v3.0 which was released in 2015. A New Standard in Vulnerability Assessment The tech universe had its “aha” moment
Read More
Delights, Dangers and Domain Shortening: Unmasking Prolific Puma’s Peculiar Service Behold, the Mystery of the Shortened Links • The stealthy menace behind the scenes, appropriately dubbed as Prolific Puma, has been providing an underground link shortening service for his fellow “bad cats” over the past four years. Now, that’s what we call a real “Link-ognito”
Read More
The Browser: The Unsung Workplace Hero – The browser has become the main work interface in most modern companies. – Workers use browsers to create and interact with important data. – Employees use browsers to access both organizational and external SaaS and web applications. – Cyber adversaries heavily target browsers to steal the data within
Read MoreNo products in the cart.