Most critical security gaps in the public cloud - Help Net Security
Orca Security provides insights into the current state of public cloud security and where the most critical security gaps are found.
Attackers changing targets from large hospitals to specialty clinics - Help Net Security
Critical Insight’s report analyzes breach data reported to the US Department of Health and Human Services by healthcare organizations.
Third-party attacks spike as attackers target software connections
Every third-party tool and partnership is a potential path for attack and an opportunity to exploit human behavior. The risks spread far and wide.
Patch Now: Apple Bashes Bugs Being Actively Exploited
Calling all Apple users: It’s time to once again patch your devices to protect them against two zero-day vulnerabilities that attackers are actively exploiting in the wild to take complete control of devices. While there’s no need to panic, security experts advise moving quickly.
Over 9,000 VNC servers exposed online without a password
Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks.
npm Packages Used to steal Payment Card Details
Researchers spotted four suspicious packages in the npm repository, which contained highly obfuscated malicious JS and Python code. Dubbed LofyLife, the campaign steals Discord tokens and payment card information. They are still monitoring updates to npm repositories to make sure all new malici…

 

8 top SBOM tools to consider
These commercial and open-source tools will scan code and create software bills of materials automatically.
Ransomware Attacks on Microsoft Cloud’s Versioning Feature are Likely | Cyware Hacker News
Researchers say ransomware actors can exploit a functionality flaw in Microsoft Office 365 suite to encrypt files stored on SharePoint and OneDrive Online. Read more!
Over 3.6 million MySQL servers found exposed on the Internet
​Over 3.6 million MySQL servers are publicly exposed on the Internet and responding to queries, making them an attractive target to hackers and extortionists.
StateRAMP Sees Adoption in 10 States After Year in Service
Roughly one year after launch, the nonprofit is being used by 10 states. The growing government user base may help encourage more vendors to undergo the necessary StateRAMP cybersecurity audits.
US, Allies Say New Intel Suggests Coming Russian Cyberattack | SecurityWeek.Com
Members of the “Five Eyes” intelligence sharing network warned that “evolving intelligence” indicated Russia was poised to launch powerful cyberattacks against rivals supporting Ukraine.
Watch out for this SMS phish promising a tax refund
We take a look at a round of phishing mails being sent to people in Belgium, promising tax-related refunds.
USPS “Your package could not be delivered” text is a smishing scam
We look at an SMS which claims you have a USPS redelivery needing to be rescheduled, and explain why it’s not what it seems.
Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA
Not all MFA is created equal, as script kiddies and elite hackers have shown recently.
White House shares checklist to counter Russian cyberattacks
The White House is urging U.S. organizations to shore up their cybersecurity defenses after new intelligence suggests that Russia is preparing to conduct cyberattacks in the near future.
Avoslocker ransomware gang targets US critical infrastructure
The Federal Bureau of Investigation (FBI) reported that AvosLocker ransomware is being used in attacks targeting US critical infrastructure. The Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory warning of AvosLocker ransomware attacks targeting multiple US critical infr…
Around 34 Ransomware Variants Detected In Q4 2021 | Cyware Hacker News
The ransomware landscape witnessed 34 different variants in approximately 722 distinct attacks, with LockBit 2.0, Conti, and PYSA occupying the top three places. Know further!
The importance of building in security during software development - Help Net Security
45% of organizations have suffered at least two security breaches as a direct result of a vulnerable application.
Organizations taking nearly two months to remediate critical risk vulnerabilities - Help Net Security
Edgescan announces the findings of a report which offers a comprehensive view of the state of vulnerability management globally.
Bad actors are becoming more successful at evading AI/ML technologies - Help Net Security
Deep Instinct monitored attack volumes and types and then extrapolated their findings to predict where the future of cybersecurity is heading.
Important Detection and Remediation Actions for Cyclops Blink State-Sponsored Botnet | WatchGuard Technologies
WatchGuard customers and partners can eliminate the potential threat posed by malicious activity from Cyclops Blink by immediately enacting WatchGuard’s 4-Step Diagnosis & Remediation Plan
Multiple Hacking Groups Targeting ICS/OT Systems | Cyware Hacker News
A new report on industrial cybersecurity has revealed three new threat groups, besides LockBit 2.0 and Conti, that have been targeting the industrial sector. Know more!
US braces for Russian cyberattacks as Ukraine conflict escalates. Here’s how that might play out
The standoff between the United States and Russia over the conflict in Ukraine has so far mainly played out on diplomatic and economic fronts.