Cybersecurity researchers identified a new information-stealing malware that targets browsers and cryptocurrency wallets.

A roundup of the top WordPress plugin vulnerabilities and patch updates for May, 2023. Core WordPress update is also available which patches several bugs and vulnerabilities. Update now to mitigate risk.

Il primo hackerspace bresciano, nato per promuovere la cultura open-source tramite la condivisione di idee, risorse ed esperienze!

Jimbos Protocol, an Arbitrum-based DeFi project, has suffered a flash loan attack that resulted in the loss of more than of 4000 ETH tokens, currently valued at over $7,500,000.

Managed Care of North America (MCNA) Dental has published a data breach notification on its website, informing almost 9 million patients that their personal data were compromised.

Eurispes lancia l’allarme sul rischio di sabotaggio dei cavi sottomarini: vulnerabilità mitigabile adottando una politica di diversificazione degli approdi. Un problema, quello della protezione delle infrastrutture sottomarine, sempre più rilevante anche alla luce dell’attuale situazione geopolitica. Facciamo il punto

Attacco ransomware: se non è possibile evitarlo, ecco come effettuare un ripristino rapido ed evitare danni maggiori.

The notorious North Korean state-backed hackers, known as the Lazarus Group, are now targeting vulnerable Windows Internet Information Services (IIS) web servers to gain initial access to corporate networks.

L'Ufficio Italiano Brevetti e Marchi (UIBM) e il Ministero delle Imprese e del Made in Italy (MIMIT) mettono in guardia dai tentativi di frode

Elena Koldobsky, Threat Intelligence Analyst

KELA Cyber Intelligence Center

Elena Koldobsky, Threat Intelligence Analyst

KELA Cyber Intelligence Center

Irina Nesterovsky, Chief Research Officer

Yael Kishon, Threat Intelligence Analyst

Victoria Kivilevich, Director of Threat Research

The cybercrime underground is complex and dynamic, and cybercrime threats that emerge from it pose a significant risk to organizations. What organizations know and refer to as the cybercrime underground is changing within the hour. Unfortunately, many organizations underestimate that risk or may believe that cybercrime monitoring and threat detection doesn’t apply to their organization. […]

Yael Kishon, Threat Intelligence Analyst Managed service providers (MSPs or MSSPs) have become a vital part of many companies, providing a range of IT services and support to keep operations running smoothly. At the same time, MSPs become attractive targets for cybercriminals aiming not only to compromise assets of a single company, but also to […]

David Carmiel, KELA’s CEO In recent years, the cybercrime underground has become increasingly sophisticated and profitable by preying on vulnerable organizations. As a result, security leaders must gain visibility into what happens in this underground network of illegal activity to protect their organizations from emerging threats and accurately assess their risks. In this article, I […]

La Cina è il Paese con la strategia meglio definita in ambito cyber security e con investimenti paragonabili soltanto agli Stati Uniti

Negli ultimi cinque anni, l'Autorità Garante per la protezione dei dati personali, comunemente nota come Garante Privacy, ha svolto svariate attività: da quelle di sensibilizzazione/campagne informative, a quelle più severe pensando a ispezioni e sanzioni. Facciamo il punto di questo primo quinquennio

Sono diverse decine gli attacchi documentati a questa tecnologia che, tra punti deboli e vere e proprie vulnerabilità, risulta essere meno sicura di quanto si possa credere. Alcuni accorgimenti per aumentarne resilienza e resistenza ai cyber attacchi

1️⃣ Download Wireshark (https://www.wireshark.org/download.html), open it and be sure to specify the protocol we need in the filter — STUN…

In other news: The Pentagon has a new Cyber Strategy; hacker backdoors Emby media servers around the world; and the NSO Group has new ownership.

State efforts to pass privacy legislation are heating up in the absence of federal progress on the issue.

The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform to have two-factor authentication (2FA) turned on by the end of the year.

A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files.

padre is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption.