Tag: corporate
-
Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach
Picture this: you’ve hardened every laptop in your fleet with real”‘time telemetry, rapid isolation, and automated rollback. But the corporate mailbox”, the front door for most attackers”, is still guarded by what is effectively a 1990s-era filter.This isn’t a balanced approach. Email remains a primary vector for breaches, yet we often treat it as a…
-
Scattered Spider Exploiting VMware vSphere
Hacking Tactics Linked to Retail, Airline Compromises. The loosely connected band of adolescent cybercriminals tracked as Scattered Spider has joined the VMware hypervisor hacking bandwagon, pivoting into virtual servers through corporate instances of Active Directory. vSphere integration with Active Directory adds a yet another layer of insecurity. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/scattered-spider-exploiting-vmware-vsphere-a-29059
-
Elite Russian university launches degree program on sanctions evasion
The Higher School of Economics (HSE), a leading Russian institution, said the two-year course will focus on international corporate compliance and business ethics, and will be taught in both Russian and English. First seen on therecord.media Jump to article: therecord.media/russian-university-sanctions-evasion-degree
-
Hackers Use DNS Queries to Evade Defenses and Exfiltrate Data
Cybercriminals are increasingly exploiting the Domain Name System (DNS) to bypass corporate security measures and steal sensitive data, according to new research from cybersecurity experts. This sophisticated technique, known as DNS tunneling, transforms the internet’s essential >>phonebook
-
How defenders use the dark web
Tags: access, antivirus, attack, breach, corporate, credit-card, crypto, cyber, cybercrime, dark-web, data, data-breach, email, extortion, finance, fraud, government, group, hacker, healthcare, identity, incident, insurance, intelligence, Internet, interpol, law, leak, lockbit, mail, malware, monitoring, network, phishing, ransom, ransomware, service, software, theft, threat, tool, usa, vpnAttributing attacks to threat actors: When organizations suffer from data breaches and cyber incidents, the dark web becomes a crucial tool for defenders, including the impacted businesses, their legal teams, and negotiators.Threat actors such as ransomware groups often attack organizations to encrypt and steal their data so they can extort them for money, in exchange…
-
Airline executive agrees to dismiss litigation around alleged hackhire scheme
The cases, which stretched across multiple continents and shed light on the shady world of corporate espionage and mercenary hackers, stemmed from a scheme allegedly orchestrated by an attorney at the law firm Dechert to hack into Azima’s accounts for one of its clients. First seen on therecord.media Jump to article: therecord.media/airline-exec-agrees-to-dismiss-hack-for-hire-lawsuit
-
CISA warns hackers are actively exploiting critical ‘Citrix Bleed 2’ security flaw
The U.S. cybersecurity agency gave federal agencies just one day to patch a security bug in Citrix Netscaler, which can be exploited to break into corporate and government networks. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/11/cisa-confirms-hackers-are-actively-exploiting-critical-citrix-bleed-2-bug/
-
CISA confirms hackers are actively exploiting critical ‘Citrix Bleed 2’ bug
The U.S. cybersecurity agency gave federal agencies just one day to patch a security bug in Citrix Netscaler, which can be exploited to break into corporate and government networks. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/11/cisa-confirms-hackers-are-actively-exploiting-critical-citrix-bleed-2-bug/
-
MCP is fueling agentic AI, and introducing new security risks
Tags: access, ai, api, attack, authentication, best-practice, ceo, cloud, corporate, cybersecurity, gartner, injection, LLM, malicious, monitoring, network, office, open-source, penetration-testing, RedTeam, risk, service, supply-chain, technology, threat, tool, vulnerabilityMitigating MCP server risks: When it comes to using MCP servers there’s a big difference between developers using it for personal productivity and enterprises putting them into production use cases.Derek Ashmore, application transformation principal at Asperitas Consulting, suggests that corporate customers don’t rush on MCP adoption until the technology is safer and more of the…
-
Tech firms complicit in ‘economy of genocide’, says UN rapporteur
A UN special rapporteur has called for technology firms operating in Israel and the Occupied Palestinian Territories to immediately halt their activities, in wider report about the role corporate entities have played in the Israeli state’s ongoing ‘crimes of apartheid and genocide’ First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366626968/Tech-firms-complicit-in-economy-of-genocide-says-UN-rapporteur
-
SEC seeks SolarWinds settlement in reversal for agency under new leadership
The decision by the commission, now under Republican control, could reshape the landscape of corporate accountability for cyber incidents. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/solarwinds-sec-settle-lawsuit/752322/
-
Has CISO become the least desirable role in business?
Tags: advisory, ai, business, cio, ciso, control, corporate, cybersecurity, data, dora, finance, governance, international, jobs, network, office, regulation, resilience, risk, sap, skills, startup, threatGeorge Gerchow, CSO, Bedrock Security George Gerchow / Bedrock Security”I’ll never report to a CTO or CFO again. I have to have seat at the table,” he says emphatically. Otherwise, he says, you become frustrated “because you’re not in control of your own destiny. You’re parsing everything to this other person who’s a leader in…
-
Deepfakes have reshaped corporate security and culture
First seen on scworld.com Jump to article: www.scworld.com/perspective/deepfakes-have-reshaped-corporate-security-and-culture
-
Sixfold surge of ClickFix attacks threatens corporate defenses
Countermeasures: ClickFix attacks often bypass many security tools because the approach relies on user interaction. Training users to recognize suspicious prompts and avoid copying and running code from untrusted sources is a critical first step in defending against the growing threat.Tightening up technical controls such as endpoint protection, web filtering, and email security technologies to…
-
Dozens of Corporates Caught in Kelly Benefits Data Breach
Benefits admin specialist Kelly Benefits has revealed a breach impacting over 500,000 individuals across 45 client organizations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dozens-corporates-kelly-benefits/
-
Chrome Zero-Day, ‘FoxyWallet’ Firefox Attacks Threaten Browsers
Separate threats to popular browsers highlight the growing security risk for enterprises presented by the original gateway to the Web, which remains an integral tool for corporate users. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/browsers-targeted-chrome-zero-day-malicious-firefox-extensions
-
Pakistani Threat Actors Created 300+ Cracking Sites to Distribute Info-Stealing Malware
A recent in-depth investigation by Intrinsec has exposed a sprawling network of over 300 cracking websites, orchestrated by Pakistani freelancers, designed to distribute info-stealing malware. These sites, often masquerading as legitimate sources for cracked software, have been identified as a primary vector for stealer compromises, impacting numerous corporate clients worldwide. Unveiling a Vast Network of…
-
Empower Your Team Through Efficient NHIs Management
Why Should Businesses Prioritize NHIs Management? While human identities have consistently held the limelight in cybersecurity, a lesser-known, yet equally consequential, aspect is the management of non-human identities (NHIs). Of late, the importance of effective NHIs management has started piercing the corporate consciousness, but why is it so vital? Navigating the Terrain of Non-Human Identities……
-
Being Proactive with Your NHIs Management
How Important Is Proactive NHI Management? Have you ever considered the significance of proactive Non-Human Identity (NHI) management in securing your cloud? With companies become more digitally reliant, managing machine identities and their secrets has evolved into an essential part of corporate strategy. This proactive approach to NHI management offers several advantages, including risk reduction,……
-
Some Brother printers have a remote code execution vulnerability, and they can’t fix it
The centerpiece of Rapid7’s disclosure is CVE-2024-51978, a vulnerability rated critical (CVSS 9.8 out of 10) that enables attackers to derive the default administrator password from the device’s serial number.While another of the discovered flaws, a medium severity information disclosure vulnerability (CVE-2024-51977), potentially allows an attacker to leak the prerequisite unique serial number via the…
-
AI security issues dominate corporate worries, spending
Two reports illustrate how business leaders are thinking about and budgeting for generative AI. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/artificial-intelligence-security-spending-reports/751685/
-
Hackers deploy fake SonicWall VPN App to steal corporate credentials
Hackers spread a trojanized version of SonicWall VPN app to steal login credentials from users accessing corporate networks. Unknown threat actors are distributing a trojanized version of SonicWall NetExtender SSL VPN app to steal user credentials. The legitimate NetExtender app lets remote users securely access and use company network resources as if they were on-site.…
-
Beyond Backup: How Coveware is Revolutionizing Veeam’s Ransomware Defense
In March 2024, Veeam, a leader in data protection, made a strategic move that significantly improved its stance on ransomware: the acquisition of Coveware. This wasn’t just another corporate acquisition. It was a deep integration of specialized expertise and cutting-edge technology, transforming Veeam from a backup and recovery solution moving into the security space into..…
-
Threat Actors Distribute Compromised SonicWall SSL VPN NetExtender to Steal Sensitive Data
Threat actors were discovered disseminating a malicious, altered version of SonicWall’s SSL VPN NetExtender application in a complex cyberattack that was discovered through a partnership between SonicWall and Microsoft Threat Intelligence (MSTIC). NetExtender, a critical tool for remote users, facilitates secure connections to corporate networks, enabling seamless access to applications, file transfers, and network resources…
-
LLMs hype versus reality: What CISOs should focus on
Tags: ai, attack, backdoor, breach, business, chatgpt, ciso, cloud, control, corporate, cyber, cybercrime, cybersecurity, data, finance, governance, LLM, malware, monitoring, network, open-source, risk, risk-management, sans, service, software, supply-chain, technology, threat, tool, vulnerabilitynot using AI even though there is a lot of over-hype and promise about its capability. That said, organizations that don’t use AI will get left behind. The risk of using AI is where all the FUD is.”In terms of applying controls, rinse, wash, and repeat the processes you followed when adopting cloud, BYOD, and…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet Predator Still Active, with New Client and Corporate Links Identified Threat Group Targets Companies in Taiwan Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion Anubis: A…