Insight Partners, VC Giant, Falls to Social Engineering
The startup incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects.
Russian Groups Target Signal Messenger in Spy Campaign
These sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says.
Content Credentials Show Promise, But Ecosystem Still Young
While AI-generation services and major camera makers are adopting the specification for digitally signed metadata, creating a workflow around the nascent ecosystem is still a challenge.
Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes
Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. “The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app’s legitimate ‘linked devices’ feature that enables Signal to be used on…
Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild
The authentication bypass vulnerability in the OS for the company’s firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.
Sophos Firewall v21 MR1 is now available
It’s a fully supported upgrade from v21, v20, v19.5 and v19.0.
What Is the Board’s Role in Cyber-Risk Management in OT Environments?
By taking several proactive steps, boards can improve their organization’s resilience against cyberattacks and protect their critical OT assets.
New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year. “Typically delivered through phishing emails…
The Ultimate MSP Guide to Structuring and Selling vCISO Services
The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services—delivering high-level cybersecurity leadership without the cost of a full-time hire. However, transitioning to vCISO services is not without its challenges
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts. The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month. Targets of…