In an increasingly digital world, no organization is spared from cyber threats. Yet, not every organization has the luxury of hiring a full-time, in-house CISO. This gap in cybersecurity leadership is where you, as a vCISO, come in. You are the person who will establish, develop, and solidify the organization’s cybersecurity infrastructure, blending strategic guidance with actionable
SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users
Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times.
“Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims’ personal and
“Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims’ personal and
Webinar — Psychology of Social Engineering: Decoding the Mind of a Cyber Attacker
In the ever-evolving cybersecurity landscape, one method stands out for its chilling effectiveness – social engineering. But why does it work so well? The answer lies in the intricate dance between the attacker’s mind and human psychology.
Our upcoming webinar, “Think Like a Hacker, Defend Like a Pro,” highlights this alarming trend. We delve deep into social engineering, exploring its
Our upcoming webinar, “Think Like a Hacker, Defend Like a Pro,” highlights this alarming trend. We delve deep into social engineering, exploring its
New PoolParty Process Injection Techniques Outsmart Top EDR Solutions
A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems.
SafeBreach researcher Alon Leviev said the methods are “capable of working across all processes without any limitations, making them more flexible than existing process
SafeBreach researcher Alon Leviev said the methods are “capable of working across all processes without any limitations, making them more flexible than existing process
Over 30% of Log4J apps use a vulnerable version of the library
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years. […]
AutoSpill attack steals credentials from Android password managers
Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. […]
SLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs
Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm.
The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called Linear Address Masking (LAM) as well as its analogous
The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called Linear Address Masking (LAM) as well as its analogous
Researchers Unveal GuLoader Malware’s Latest Anti-Analysis Techniques
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging.
“While GuLoader’s core functionality hasn’t changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process,” Elastic Security Labs
“While GuLoader’s core functionality hasn’t changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process,” Elastic Security Labs
Norton Healthcare discloses data breach after May ransomware attack
Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. […]
Google shares “fix” for deleted Google Drive files
Google says it identified and fixed a bug causing customer files added to Google Drive after April-May 2023 to disappear. However, the fix isn’t working for all affected users. […]