The sporting goods retail chain said hte incident exposed portions of the its IT systems containing confidential information.
The post Dick’s Sporting Goods Discloses Cyberattack appeared first on SecurityWeek.
Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors
The Russian state-sponsored APT29 hacking group has been observed using the same iOS and Android exploits created by commercial spyware vendors in a series of cyberattacks between November 2023 and July 2024. […]
Google Catches Russian APT Reusing Exploits From Spyware Merchants NSO Group, Intellexa
Google TAG publishes evidence showing identical or striking similarities between exploits using by Russia’s APT29 and commercial spyware vendors.
The post Google Catches Russian APT Reusing Exploits From Spyware Merchants NSO Group, Intellexa appeared first on SecurityWeek.
Cybersecurity Maturity: A Must-Have on the CISO’s Agenda
Undertaking a cybersecurity maturity review helps leaders establish a benchmark from which to build a proactive improvement strategy.
The post Cybersecurity Maturity: A Must-Have on the CISO’s Agenda appeared first on SecurityWeek.
CISA Launches New Portal to Improve Cyber Reporting
U.S. Agencies Warn of Iranian Hacking Group’s Ongoing Ransomware Attacks
U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware.
The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which it described as connected to
The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which it described as connected to
Cisco Patches Multiple NX-OS Software Vulnerabilities
Cisco on Wednesday announced NX-OS software updates that resolve multiple vulnerabilities, including a high-severity DoS bug.
The post Cisco Patches Multiple NX-OS Software Vulnerabilities appeared first on SecurityWeek.
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back
Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks.
AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering.
In this article, we’re going to look at what AitM phishing
AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering.
In this article, we’re going to look at what AitM phishing
Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks
A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet.
CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a “command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE),” Akamai researchers Kyle
CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a “command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE),” Akamai researchers Kyle
Beckhoff TwinCAT/BSD Vulnerabilities Expose PLCs to Tampering, DoS Attacks
Beckhoff Automation has patched several vulnerabilities in its TwinCAT/BSD operating system for industrial PCs.
The post Beckhoff TwinCAT/BSD Vulnerabilities Expose PLCs to Tampering, DoS Attacks appeared first on SecurityWeek.