The EFF has been tracking Dark Caracal since 2015. In 2020, Quintin and EFF’s director of cybersecurity Eva Galperin published a report about a hacking campaign focused on Lebanese targets.

If a cybercriminal doesn’t name their strain themselves, a cybersecurity researcher creates the name. The primary researcher of the strain will usually come up with the name, and they sometimes assign one that seems random but usually is not.

Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive health and personal information during a ransomware infection.

Microsoft has tracked down a sophisticated authentication bypass for Active Directory Federated Services (AD FS), pioneered by the Russia-linked Nobelium threat actor group.

The technical write-up by ReversingLabs threat researchers Lucija Valentic and Karlo Zanki says the malicious package consisted of two files, one obfuscated via the JavaScript obfuscator.

Apple said in its response that it was “particularly concerned by some of the remedy options that the CMA is now considering in relation to cloud gaming, which appear to fall outside the underlying basis for the market investigation.”

For many, CVSS from FIRST has been the driving force in that process. One of the major objectives behind the calculation of the actual CVSS number is to ensure standardization so all CVEs are scored consistently and can be accurately compared.

The lack of vendor patches may be compounding cyber risk for industrial asset owners in critical sectors like transportation and utilities. Even when they’re available, security updates in these environments aren’t always easy to apply.

Attack chains mounted by the hacking crew entail the exploitation of known security flaws in Apache Log4j, SonicWall, and TerraMaster NAS appliances to gain initial access, followed by reconnaissance, lateral movement, and ransomware deployment.

The goal to offer newer methods around the vulnerability management process came after Bettini ran the Tenable research team, where he led developers to write detection code for all Tenable products but faced prioritization challenges.