CyberArk

December 20, 2023 The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. “This vulnerability allows remote authenticated Article posted by: …

8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware Read More »

December 20, 2023 The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. “Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and …

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide Read More »

December 19, 2023 Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. “An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote code execution (RCE) …

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits Read More »

December 19, 2023 Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud.  These applications contain a wealth of …

Top 7 Trends Shaping SaaS Security in 2024 Read More »

December 19, 2023 The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of delivering “specific distributor needs,” but also makes it more potent, Check Point said& …

Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges Read More »

December 19, 2023 Four U.S. nationals have been charged for participating in an illicit scheme that earned them more than $80 million via cryptocurrency investment scams. The defendants – Lu Zhang, 36, of Alhambra, California; Justin Walker, 31, of Cypress, California; Joseph Wong, 32, Rosemead, California; and Hailong Zhu, 40, Naperville, Illinois – have been …

Four U.S. Nationals Charged in $80 Million Pig Butchering Crypto Scam Read More »

December 19, 2023 Low-code/no-code (LCNC) and robotic process automation (RPA) have gained immense popularity, but how secure are they? Is your security team paying enough attention in an era of rapid digital transformation, where business users are empowered to create applications swiftly using platforms like Microsoft PowerApps, UiPath, ServiceNow, Mendix, and OutSystems? The simple truth …

Unmasking the Dark Side of Low-Code/No-Code Applications Read More »

December 19, 2023 A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, described it as a low-volume campaign that began on December 11, 2023, and targeted the hospitality industry. …

QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry Read More »

December 19, 2023 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be exploited by malicious actors to gain initial access to, and move laterally within, organizations. In an alert published last week, the agency called out Iranian threat actors …

CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats Read More »