Beware of Typosquatting: A Common Tactic Used by Threat Actors It’s no secret that threat actors often resort to cunning tactics to deceive unwary users and carry out malicious activities. One such technique that has been around for quite some time is typosquatting. This deceptive practice involves registering domains or packages with names that are…
The Rising Trend of Virtual Chief Information Security Officer (vCISO) Services Cynomi’s 2024 State of the vCISO Report sheds light on the increasing demand for virtual Chief Information Security Officer (vCISO) services. This independent survey showcases the benefits that both service providers and clients are experiencing. The popularity of vCISO services is on the rise,…
Critical Security Flaw Uncovered in LiteSpeed Cache Plugin for WordPress In the ever-evolving landscape of cybersecurity threats, researchers have unearthed a critical vulnerability in the LiteSpeed Cache plugin designed for WordPress websites. This loophole, identified as CVE-2024-44000 with a CVSS score of 7.5, poses a significant risk as it permits unauthorized users to gain control…
The Apache OFBiz Security Flaw: Unauthenticated Remote Code Execution A recent security concern has been identified in the Apache OFBiz open-source enterprise resource planning (ERP) system. This vulnerability, known as CVE-2024-45195 with a CVSS score of 7.5, is classified as high-severity. If exploited successfully, it could result in unauthenticated remote code execution on both Linux…
The Misguided Charges Against Telegram CEO Pavel Durov Telegram CEO Pavel Durov has finally spoken out after almost two weeks of silence following his arrest in France. In a statement on his Telegram account, Durov expressed his disbelief at the charges laid against him, calling them misguided and out of touch with the modern digital…
Veeam Releases Critical Security Updates to Address 18 Vulnerabilities Veeam, a popular software provider, has recently rolled out security updates to patch a total of 18 security flaws across its software products. Among these vulnerabilities, five are categorized as critical, potentially leading to remote code execution. Critical Vulnerabilities Overview One of the critical vulnerabilities includes…
The Persistent Cyber Campaign by Tropic Trooper In a recent development, unnamed government entities in the Middle East and Malaysia have become the targets of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. New Strategic Move by Tropic Trooper This cyber campaign has brought to light the…
The U.S. Department of Justice Seizes Pro-Russian Propaganda Domains In a bold move to counter foreign influence operations, the U.S. Department of Justice (DoJ) made an announcement on Wednesday about seizing 32 internet domains used by a pro-Russian propaganda organization known as Doppelganger. This operation is part of a broader effort to combat disinformation and…
A Decade of NIST’s Cybersecurity Framework: Evolution and Impact It has been ten years since the inception of the National Institute of Standards and Technology’s (NIST) groundbreaking Cybersecurity Framework (CSF) 1.0. This framework was born out of a 2013 Executive Order which mandated NIST to craft a voluntary cybersecurity toolkit aimed at assisting organizations in…
Threat actors using Red Team tool for malicious purposes New research from Cisco Talos suggests that threat actors are utilizing a payload generation framework known as MacroPack for nefarious activities. Originally designed for red teaming exercises, MacroPack enables the creation of various file formats such as Office documents, Visual Basic scripts, and Windows shortcuts, commonly…