MalwareLummaC2 infostealer uses obfuscated scripts via PowerShell to target endpointsSteve ZurierAugust 30, 2024PowerShell attacks are common, but the malware’s combination of obfuscation, trusted Windows binaries, and persistence techniques makes it dangerous.
Endpoint/Device SecurityThreat actor lures victims to malware-laden VPN page via call, textSteve ZurierAugust 29, 2024Social-engineering attacks that lead users to fake VPN sites targeted employees at more than 130 U.S. companies.
RansomwareBlackByte ransomware group targets VMware ESXi bugSteve ZurierAugust 28, 2024Security pros say by exploiting a recently discovered ESXi flaw, BlackByte has shifted to a more APT-style approach.
AI/ML‘ASCII Smuggling’ attack exposes sensitive Microsoft Copilot dataSteve ZurierAugust 27, 2024Security pros say the novel ASCII Smuggling technique underscores the evolving nature of AI-enabled attacks.
RansomwareTexas Dow Employees Credit Union notifies 500,000 of MOVEit breachSteve ZurierAugust 26, 2024The long delay in finding the breach in the Texas credit union case showcases the long tail of the MOVEit incident.
Critical Infrastructure SecurityHalliburton confirms cyberattack on its systemsSteve ZurierAugust 23, 2024The oil field services company told the SEC that the attack forced it to take certain systems offline.
Application securityGoogle patches ninth Chrome zero-day of 2024Steve ZurierAugust 22, 2024Microsoft told Google about the Chrome bug on a Monday and Google released the patch two days later.
Application security‘ALBeast’ load balancer flaw may affect 15,000 Amazon Web Services appsSteve ZurierAugust 21, 2024Miggo researchers said the AWS bug was caused by two factors: a missing token validation and a misconfigured security groups notification.
Cloud SecurityTLS bootstrap attack gains access to Azure Kubernetes Services clusterSteve ZurierAugust 20, 2024While Microsoft has patched the issue, security pros warn that teams need to audit their AKS clusters.
Application securityBugs in Microsoft apps for macOS could give privileges to attackersSteve ZurierAugust 19, 2024Security pros say the flaws in six apps for macOS could let attackers take over cameras, microphones and screen recordings.