Blog

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry - A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week.Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript backdoor.The attack sequence proceeds as follows: The threat actor poses as a customer while… Continue Reading
The Pivot: How MSPs can Turn a Challenge Into a Once-in-a-Decade Opportunity - Cybersecurity is quickly becoming one of the most significant growth drivers for Managed Service Providers (MSPs). That's the main insight from a recent study from Lumu: in North America, more than 80% of MSPs cite cybersecurity as a primary growth driver of their business. Service providers have a huge opportunity to expand their business and win new customers by developing their cybersecurity offerings.This hardly comes as a surprise since the demand for cybersecurity is in… Continue Reading
Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions - Los Altos, CA — February 1, 2023 — Contrast Security (Contrast), the code security platform built for developers and trusted by security,today announced the launch of its new partner program, theSecurity Innovation Alliance (SIA), which is a global ecosystem of system integrators (SIs), cloud, channel and technology alliances.The goal of SIA is to provide customers with unmatched, fully integrated application security solutions from Contrast and its strategic alliance partners, which include leading multinationals like GitLab… Continue Reading
Eliminating SaaS Shadow IT is Now Available via a Self-Service Product, Free of Charge - The use of software as a service (SaaS) is experiencing rapid growth and shows no signs of slowing down. Its decentralized and easy-to-use nature is beneficial for increasing employee productivity, but it also poses many security and IT challenges. Keeping track of all the SaaS applications that have been granted access to an organization's data is a difficult task. Understanding the risks that SaaS applications pose is just as important, but it can be challenging… Continue Reading
New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector - The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine."The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET revealed in its latest APT Activity Report shared with The Hacker News.The Slovak cybersecurity firm said the attacks coincided with missile strikes orchestrated by the… Continue Reading
GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom - GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps.As a result, the company is taking the step of revoking the exposed certificates out of abundance of caution. The following versions of GitHub Desktop for Mac have been invalidated: 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.1.0, 3.1.1, and 3.1.2.Versions 1.63.0 and 1.63.1 of 1.63.0 of Atom are… Continue Reading
Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years - A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years."TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically," Check Point Research's Arie Olshtein said, calling it a "master of disguises."Offered as a service to… Continue Reading
BD Publishes 2022 Cybersecurity Annual Report - FRANKLIN LAKES, N.J., Jan. 25, 2023 /PRNewswire/ -- BD (Becton, Dickinson and Company) (NYSE: BDX), a leading global medical technology company, today released its third annual cybersecurity report to update stakeholders about the company's ongoing efforts to advance cybersecurity maturity, protect against cyberattacks and empower customers with information about cyber risks and vulnerabilities.Through the BD 2022 Cybersecurity Annual Report, the company is increasing awareness of health care cybersecurity challenges and the company's commitment to transparency and collaboration."In health… Continue Reading
Gootkit Malware Continues to Evolve with New Components and Obfuscations - The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains.Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is "exclusive to this group."Gootkit, also called Gootloader, is spread through compromised websites that victims are tricked into visiting when searching for business-related documents like agreements and contracts via a technique called search engine… Continue Reading
Auditing Kubernetes with Open Source SIEM and XDR - Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role in monitoring Kubernetes and other components of an organization's infrastructure.Kubernetes is an open source container management solution that automates the deployment and scaling… Continue Reading