Blog
Attacker Unleashes Stealthy Crypto Mining via Malicious Python Package
The Python package "Culturestreak" is a malicious software that hijacks system resources for unauthorized cryptocurrency mining. The package utilizes obfuscated code and random filenames to evade detection, making it a persistent threat.
Sandman APT Infiltrates Telecommunications Companies Using LuaDream Backdoor
The activities of Sandman suggest espionage motivations, with a focus on telecommunications providers and a potential connection to a private contractor or mercenary group.
How to Interpret the 2023 MITRE ATT&CK Evaluation Results
Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation. ...
Apple Emergency Updates Fix Three New Zero-Days Exploited in Attacks
Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days fixed this year.
Iranian Nation-State Actor OilRig Targets Israeli Organizations
Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously documented first-stage backdoors...
Security Concerns and Outages Elevate Observability From IT Niche to Business Essential
A new report from SolarWinds highlights the benefits of observability for enterprises. The report states that companies that implement observability experience increased operational efficiency, faster innovation, and better business outcomes.
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four...
High-Severity Flaws Uncovered in ISC BIND Server
ISC has released fixes for two high-severity bugs affecting the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could pave the way for a DoS condition.
Update: MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks
“We are pleased that all of our hotels and casinos are operating normally,” the Las Vegas-based company posted on X, the platform formerly known as Twitter. It was reported last week that the attack was detected on September 10.
Space and Defense Tech Maker Exail Technologies Exposes Database Access
The exposure of the company's web server version and operating system flavor poses a risk as attackers could target specific vulnerabilities associated with the operating system.
FREE GUIDE