The effect of omission bias on vulnerability management
Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the…
Month: January 2024
CL0P Ransomware Group Targets India’s S&A Law Offices
This cyberattack on S&A Law Offices follows a series of cyber threats against prominent Indian organizations. Innefu Labs, a cybersecurity firm renowned for its advanced…
Prioritizing CIS Controls for effective cybersecurity across organizations
In this Help Net Security interview, Randy Marchany, CISO at Virginia Tech, discusses the challenges and strategies associated with implementing CIS Controls in organizations of…
Organizations invest more in data protection but recover less
92% of organizations will increase 2024 data protection spend, to achieve cyber resilience amidst continued threats of ransomware and cyberattacks, according to Veeam Software. Respondents…
Software supply chain attacks are getting easier
ReversingLabs identified close to 11,200 unique malicious packages across three major open-source software platforms in 2023: npm, PyPI, and RubyGems. These findings mark an astounding…
Transport for NSW extends asset management contract – Software
Transport for NSW is spending $3.4 million to extend a contract for maintenance and management technology with Victorian company Asset Vision. Asset Vision’s previous work…
US, UK, Australia sanction REvil hacker behind Medibank data breach
The Australian, US, and UK governments have announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member…
Kasseika ransomware uses antivirus driver to kill other antiviruses
A recently uncovered ransomware operation named ‘Kasseika’ has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable…
Trello API abused to link email addresses to 15 million accounts
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private…
Watch out, a new critical flaw affects Fortra GoAnywhere MFT
Watch out, a new critical flaw affects Fortra GoAnywhere MFT Pierluigi Paganini January 23, 2024 Fortra addressed a new authentication bypass vulnerability impacting GoAnywhere MFT…
Exploit released for Fortra GoAnywhere MFT auth bypass bug
Exploit code is now available for a critical authentication bypass vulnerability in Fortra’s GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new…
Microsoft identifies role in tracking Medibank attacker – Security
Microsoft has quietly disclosed that it played a “key role” in feeding information to the Australian Signals Directorate that helped identify who was behind the…