Service desks are under attack: What can you do about it?
Service desks are on the front lines of defense—and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk.
RVTools hit in supply chain attack to deliver Bumblebee malware
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack where hackers replaced a DLL in the distributed installer to drop the Bumblebee malware loader on users' machines.
Memority lève 13 millions d'euros pour sa plateforme de gestion des identités et des accès
La jeune pousse française, devenue indépendante d'Accenture en 2023, met au point une plateforme SaaS de gestion des authentifications et des...-Cybersécurité
Major Russian state services disrupted, reportedly due to cyberattack
Internet monitoring services showed ongoing disruptions to Russia's tax service, as well as services for managing secure digital keys and documents (Saby), among others.
High-Profile AI Failures Teach Us About Resilience | CSA
When AI fails, it often fails fast and loud. Apply CSA’s AI Resilience Benchmarking Model to 4 real incidents to get a better understanding of AI failures.
Ransomware attack hits supplier of refrigerated groceries to British supermarkets
Peter Green Chilled, which ships refrigerated food to supermarkets, is the latest company in the U.K.'s grocery sector to announce disruption from a cyberattack.
Duping Cloud Functions: An emerging serverless attack vector
Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure.
A DoorDash driver stole over $2.5 million over several months: The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the undelivered orders as complete and prompt DoorDash’s system to pay the driver accounts. Then he’d switch those same orders back to “in process” and do it all over again. Doing this “took less than five minutes, and was repeated hundreds of times for many of the orders,” writes the US Attorney’s Office...
Explore how consent phishing exploits OAuth to bypass MFA, granting attackers persistent access to SaaS apps. Learn strategies to defend against this threat.
Le département des Hauts-de-Seine touché par une cyberattaque “de grande ampleur”
La collectivité francilienne a annoncé avoir été victime d'une importante cyberattaque. En conséquence, “l'ensemble des systèmes d'information...-Cybersécurité
Malware-infected printer delivered something extra to Windows users
You'd hope that spending $6,000 on a printer would give you a secure experience, free from viruses and other malware. However, in the case of Procolored printers, you'd be wrong.
Fake KeePass password manager leads to ESXi ransomware attack
Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network.
O2 UK patches bug leaking mobile user location from call metadata
A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target.