-
Operation Power Off: 13 More Booter Sites Seized
PRIVACY PRIVACY Four pleaded guilty to running DDoS-for-hire operations Read More
-
Five Takeaways From the Russian Cyber-Attack on Viasat’s Satellites
PRIVACY PRIVACY The 2022 AcidRain wiper attack, which shut down satellite services for thousands of people in Ukraine and Western Europe, was extensively discussed during the CYSAT conference in Paris Read More
-
New ransomware group CACTUS abuses remote management tools for persistence
PRIVACY PRIVACY A cybercriminal group has been compromising enterprise networks for the past two months and has been deploying a new ransomware program that researchers dubbed CACTUS. In the attacks seen so far the attackers gained access by exploiting known vulnerabilities in VPN appliances, moved laterally to other systems, and deployed legitimate remote monitoring and…
-
AI Hacking Village at DEF CON This Year
PRIVACY PRIVACY At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack. The DEF CON event will rely on an evaluation platform developed by Scale AI, a California company that produces training for AI applications. Participants will be given laptops to use…
-
CIS Benchmarks May 2023 Update
PRIVACY PRIVACY Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for May 2023. Read More
-
New Wave of SHTML Phishing Attacks
PRIVACY PRIVACY Authored By Anuradha McAfee Labs has recently observed a new wave of phishing attacks. In this wave, the attacker has been abusing server-parsed HTML (SHTML) files. The SHTML files are commonly associated with web servers redirecting users to malicious, credential-stealing websites or display phishing forms locally within the browser to harvest user-sensitive information. …
-
Preventing sophisticated phishing attacks aimed at employees
PRIVACY PRIVACY The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. As technology advances, phishing attempts are becoming more sophisticated. It can be challenging for employees to recognize an email is malicious…
-
Review your on-prem ADCS infrastructure before attackers do it for you
PRIVACY PRIVACY Attackers love to find weak spots in our domains and networks. Too often, they can enter systems to lie in wait and launch attacks at a later time. A case in point is the infamous SolarWinds software attack, which infected up to nine US agencies and many organizations with backdoors into their infrastructure. …
-
Uber’s ex-CSO avoids prison after data breach cover up
PRIVACY PRIVACY After covering up a data breach that impacted the personal records of 57 million Uber passengers and drivers, the company’s former Chief Security Officer has been found guilty and sentenced by a US federal judge. Read more in my article on the Hot for Security blog. Read More
-
Deconstructing Amadey’s Latest Multi-Stage Attack and Malware Distribution
PRIVACY PRIVACY Authored by By Yashvi Shah McAfee Labs have identified an increase in Wextract.exe samples, that drop a malware payload at multiple stages. Wextract.exe is a Windows executable file that is used to extract files from a cabinet (.cab) file. Cabinet files are compressed archives that are used to package and distribute software,…