China-linked APT group MirrorFace targets Japan

Security Affairs

Between 2019 and 2024, the MirrorFace group launched three cyber campaigns targeting Japanese think tanks, government, academia, and key industries. Campaign C (2024): Delivered malware (ANEL) via email links, targeting academia and think tanks, evolving to abuse Visual Studio Code.” reads the report published by NPA. “This

Top Cybersecurity Trends to Watch Out For in 2025

Centraleyes

Verizon's Data Breach Investigations Report showed that 74% of security breaches involve a human element, with system administrators and developers accounting for most of these errors. In 2024, human-centric security strategies will become increasingly important.

Story of the Year: global IT outages and supply chain attacks

SecureList

As part of Kaspersky Security Bulletin 2024, our “Story of the Year” centers on these pressing issues. We’ll begin by revisiting notable supply chain incidents from 2024, and then explore potential scenarios of more damaging cases and the ways we prepare for them. Let’s dive in! The Polyfill.io

Outlaw cybergang attacking targets worldwide

SecureList

Analysis We started the analysis by gathering relevant evidence from a compromised Linux system. We identified an odd authorized SSH key for a user called suporte (in a Portuguese-speaking environment, this is an account typically used for administrative tasks in the operating system).

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

According to Constella, this email address was used in 2010 to register an account for a Dmitry Yurievich Khoroshev from Voronezh, Russia at the hosting provider firstvds.ru. 2011 said he was a system administrator and C++ coder. NeroWolfe seems to have abandoned all of his forum accounts sometime in 2016.

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

February 19, 2024 Microsoft Exchange Servers Vulnerable to Privilege Escalation Attacks Type of vulnerability: Critical severity privilege escalation vulnerability. The problem: CVE-2024-21410 allows remote attackers to carry out NTLM relay attacks on Microsoft Exchange Servers, providing them with privileged access.

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

eSecurity Planet

July 8, 2024 Four Unpatched Flaws Discovered in Gogs Type of vulnerability: Multiple, including argument injection and file deletion. The problem: Four unpatched security issues in Gogs, an open-source Git service, enable attackers to exploit three critical flaws (CVE-2024-39930, CVE-2024-39931, CVE-2024-39932; CVSS: 9.9)