A new ransomware gang known as EstateRansomware is exploiting a Veeam vulnerability that was patched over a year ago to spread file-encrypting malware and demand ransom payments.
Cytactic, an Israel-based provider of a platform pioneering cyber crisis readiness and management, raised $16M in a seed funding round led by Evolution Equity Partners. It intends to use the funds to expand operations and development efforts.
Compiled V8 JavaScript in Google’s engine converts JavaScript into low-level bytecode, making analysis and detection difficult. Attacks using this bytecode ensure compatibility with the V8 engine for successful execution.
The genesis of BunkerWeb came from the need to apply security practices manually every time a web application was put online. The solution meets global needs with a modular architecture allowing for extensions.
Originally detected in 2020, the ViperSoftX malware now incorporates more sophisticated evasion tactics by using the Common Language Runtime (CLR) to run PowerShell commands within AutoIt scripts distributed through pirated eBook copies.
A survey by data security company Kiteworks reveals that around 60% of organizations struggle to track their information once it leaves through communication channels like email.
The vulnerability impacts all GitLab CE/EE versions from 15.8 to 16.11.6, 17.0 to 17.0.4, and 17.1 to 17.1.2. Under certain circumstances that GitLab has yet to disclose, attackers can exploit it to trigger a new pipeline as an arbitrary user.
Researchers have identified the developer of a malicious remote access tool used in attacks on Russian organizations. Known as Mr. Burns, the developer has been active in darknet forums since 2010, creating harmful versions of popular tools.
Security researchers have found a critical vulnerability, CVE-2024-38021, impacting Microsoft Outlook. This zero-click remote code execution flaw, now fixed by Microsoft, allowed unauthorized access without authentication.
Warnings have been issued in India regarding a rise in fraudulent smishing attacks, with scammers impersonating India Post to deceive people into giving personal information or clicking on malicious links.