Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers. Shadow apps may include instances of software that the company is already using. For […]
Author Archives: Onsite Computing, Inc.
Researchers flagged a pair of Gallup polling site XSS vulnerabilities that could have allowed malicious actors to execute arbitrary code, access sensitive data, or take over a victim account. Go to Source Author: Becky Bracken, Senior Editor, Dark Reading
The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate. […] Go to Source Author: Bill Toulas
A new side-channel attack dubbed PIXHELL could be abused to target air-gapped computers by breaching the “audio gap” and exfiltrating sensitive information by taking advantage of the noise generated by the pixels on the screen. “Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 […]
CISOs in Southeast Asia should be on alert after the discovery that a suspected Chinese-based cyber espionage campaign that started last year is expanding its scope. The warning today comes from researchers at Sophos, in a new report on activity it dubs Operation Crimson Palace. Initially the campaign — made up of clusters of activity […]
A PRC threat cluster known as “Crimson Palace” is demonstrating the benefits of having specialized units carry out distinct stages of a wider attack chain. Go to Source Author: Nate Nelson, Contributing Writer
Third-party risk management is a significant CISO challenge with deep business consequences. When a key third-party supplier succumbs to cyberattack, operations can grind to a halt. In healthcare and financial services, third parties have been an attack vector of choice of late. And just this June, Russia’s APT29, aka Cozy Bear, compromised TeamViewer, a free […]
The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro. The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed “the propagation of […]
Hockey legend Wayne Gretzky famously shared his secret to success on the ice: “I skate to where the puck is going to be, not where it has been.” Security teams would do well to embrace Gretzky’s forward-looking strategy in their own work; those who place emphasis on where their security program needs to get to […]
It takes more than technical knowledge to write about cybersecurity in a way people want to read. It takes creativity, discipline, and other key skills. Go to Source Author: Joshua Goldfarb