New TLDs Such as .shop, .top and .xyz Leveraged by Phishers
Phishing attacks have surged nearly 40% in the year ending August 2024, with a significant portion of this increase linked to new generic top-level domains…
Month: December 2024
Product showcase: Securing Active Directory passwords with Specops Password Policy
Password policies are a cornerstone of cybersecurity for any organization. A good password policy ensures every end user has a strong and unique password, significantly…
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown
Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that’s created by criminals for criminal purposes. The joint operation, conducted…
Oracle Java licensing explained: Addressing complexity, cost and audits
Organisations using Java face a licence fee hike after Oracle’s introduction of subscription pricing for Java SE. Analyst Forrester has previously written that the move to what…
Azercell Cybersecurity Training For Elderly In Azerbaijan
Azercell, the leading mobile operator in Azerbaijan, is offering cybersecurity training to its customers, particularly the elderly. As part of its ongoing efforts, Azercell cybersecurity…
HR & IT-Related Phishing Emails Are Top-Clicked Among Phishing Email Types
Phishing emails masquerading as HR and IT-related communications are the most likely to be clicked on by employees as unveiled in a recent study, posing…
Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability
SUMMARY: Critical Patch Alert: Cisco ASA users must urgently address a 10-year-old WebVPN vulnerability (CVE-2014-2120) that attackers are now actively exploiting. XSS Risk Identified: The…
HackSynth An Autonomous Penetration Testing Framework For Simulating Cyber-Attacks
The introduction of HackSynth marks a significant advancement in the field of autonomous penetration testing. Developed by researchers at Eotvos Lorand University, HackSynth leverages Large…
Authorities Take Down Criminal Encrypted Messaging Platform MATRIX
SUMMARY MATRIX Encrypted Platform Shut Down: Authorities dismantled MATRIX, an encrypted messaging service used by criminals. Millions of Messages Intercepted: Over 2.3 million encrypted messages…
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for…
How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges
Many organizations struggle with password policies that look strong on paper but fail in practice because they’re too rigid to follow, too vague to enforce,…
Cloudflare Developer Domains Abused For Cyber Attacks
Cloudflare developer domains are actively abused by the threat actors for several illicit malicious purposes, as reported by the security analysts at FORTRA. Recent investigations…