Month: September 2024

As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” […]

Google on Thursday announced that users who rely on passkeys to sign into applications and websites can now save the passkeys on more than just their Android devices. The internet giant introduced passkey support in Android and Chrome in 2022, enabling users to log in with biometric authentication instead of passwords, which may be compromised through leaks […]

Apple has abruptly withdrawn its lawsuit against NSO Group, citing increased risk that the legal battle might unintentionally reveal sensitive vulnerability data and difficulties in acquiring essential information from the spyware vendor. In a court filing Friday, Apple said continuing the lawsuit now poses “too significant a risk” of exposing the anti-exploitation and threat intelligence […]

Microsoft raised an alarm for in-the-wild exploitation of a critical flaw in Windows Update, warning that attackers are rolling back security fixes on certain versions of its flagship operating system. The Windows flaw, tagged as CVE-2024-43491 and marked as actively exploited, is rated critical and carries a CVSS severity score of 9.8/10. Microsoft did not provide any information […]

A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. “Head Mare uses more up-to-date methods for obtaining initial access,” Kaspersky said in a Monday analysis of the group’s tactics and tools. “For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which allows the […]