Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of
Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide
An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops.
Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims’ data for financial gain. It’s operational across multiple platforms,
Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims’ data for financial gain. It’s operational across multiple platforms,
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status.
Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations.
Impacted models include NAS326
Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations.
Impacted models include NAS326
Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs
Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.
The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows malware propagated via direct messages to compromise brand and celebrity accounts without having to
The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows malware propagated via direct messages to compromise brand and celebrity accounts without having to
Australian mining company discloses breach after BianLian leaks data
Northern Minerals issued an announcement earlier today warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. […]
TikTok fixes zero-day bug used to hijack high-profile accounts
Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media’s direct messages feature. […]
FBI warns of fake remote work ads used for cryptocurrency fraud
Today, the FBI issued a warning about scammers using fake remote job ads to steal cryptocurrency from job seekers across the United States while posing as recruiters for legitimate companies. […]
ARRL says it was hacked by an “international cyber group”
American Radio Relay League (ARRL) has shared more information about a May cyberattack that took its Logbook of the World offline and caused some members to become frustrated over the lack of information. […]
Microsoft announces first Windows 10 Beta build since 2021
Microsoft has reopened the Windows 10 beta channel and is asking Insiders to join or switch to receive a new beta build in the coming weeks. […]
New V3B phishing kit targets customers of 54 European banks
Cybercriminals are promoting a new phishing kit named ‘V3B’ on Telegram, which currently targets customers of 54 major financial institutes in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. […]