CyberArk

November 17, 2023 A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. “Starting from a single compromised machine, threat actors could progress in several ways: they could move to other …

Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks Read More »

November 17, 2023 Russian threat actors have been possibly linked to what’s been described as the “largest cyber attack against Danish critical infrastructure,” in which 22 companies associated with the operation of the country’s energy sector were targeted in May 2023.  “22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace,” Denmark’s SektorCERT said [PDF]. “The …

Russian Hackers Linked to ‘Largest Ever Cyber Attack’ on Danish Critical Infrastructure Read More »

November 16, 2023 The U.S. government on Tuesday announced the takedown of the IPStorm botnet proxy network and its infrastructure, as the Russian and Moldovan national behind the operation pleaded guilty. “The botnet infrastructure had infected Windows systems then further expanded to infect Linux, Mac, and Android devices, victimizing computers and other electronic devices around …

U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty Read More »

November 16, 2023 Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in …

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar Read More »

November 16, 2023 What do basketball teams, government agencies, and car manufacturers have in common? Each one has been breached, having confidential, proprietary, or private information stolen and exposed by insiders. In each case, the motivations and methods varied, but the risk remained the same: insiders have access to too much data with too few …

Three Ways Varonis Helps You Fight Insider Threats Read More »

November 16, 2023 Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to “allow escalation of privilege and/or information disclosure and/or denial of service via local access.” Successful exploitation of the vulnerability could also permit a bypass of the …

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments Read More »

November 16, 2023 Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been …

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities Read More »

November 16, 2023 VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. “On an upgraded version of VMware Cloud …

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability Read More »

November 15, 2023 A group of academics has disclosed a new “software fault attack” on AMD’s Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security. …

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs Read More »

November 15, 2023 In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are skyrocketing, organizations are coming face-to-face with a harsh …

The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy Read More »