Cybersecurity
MasterCard DNS Error Went Unnoticed for Years – Krebs on Security
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent…
10 top XDR tools and how to evaluate them
Little in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat…
What is SSL (Secure Sockets Layer)? | Definition from TechTarget
SSL (Secure Sockets Layer) is a networking protocol that secures connections between web clients and web servers over internal networks or the internet by encrypting the data sent between those clients and servers. Why is SSL important? Part of SSL’s significance lies in the fact that it was the first widely used and broadly implemented…
Australian Cyber Security Centre Targets Bulletproof Hosting Providers To Disrupt Cybercrime Networks
Overview The Australian Cyber Security Centre (ACSC) has issued a detailed warning regarding Bulletproof Hosting Providers (BPH). These illicit infrastructure services play a critical role in supporting cybercrime, allowing malicious actors to conduct their operations while remaining largely undetectable. The Australian government’s growing efforts to combat cybercrime highlight the increasing difficulty for cybercriminals to maintain…
PARSIQ’s Reactive Network Provides Solution for DeFi Exchange Vulnerabilities
Over the past few years, decentralised finance (DeFi) has revolutionised the financial sector. DeFi introduced transparent, permissionless and efficient payment systems, streamlining international transactions. However, this growth has been accompanied by a rise in security challenges and there have been several notable incidents over the years. DeFi exchanges have become prime targets for hackers, leading…
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
Sophos X-Ops’ Managed Detection and Response (MDR) is actively responding to incidents tied to two separate groups of threat actors, each of which have used the functionality of Microsoft’s Office 365 platform to gain access to targeted organizations with the likely goal of stealing data and deploying ransomware. Sophos MDR began investigating these two separate…
Has the TikTok Ban Already Backfired on US Cybersecurity?
Now that the US Supreme Court has upheld a ban on the wildly popular video social media platform we know as TikTok, its most influential users have decided to retaliate by moving their game over to REDnote, a competing Chinese social media company, thus creating an entirely new, and arguably worse, situation for the nation’s…
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate. Exploitation of this vulnerability leads to the execution of untrusted code during system boot, enabling potential…
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?
Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access, protecting data, maintaining compliance across…
Was ist ein Payload?
Ähnlich wie damals die griechischen Soldaten, die im Inneren des trojanischen Pferdes auf den passenden Zeitpunkt lauerten, werden Payloads zum Beispiel in vermeintlich harmlosen Dateianhängen versteckt und starten ihren Angriff oftmals durch einen Trigger zu einem späteren Zeitpunkt. Foto: wk1003mike – shutterstock.com Der Begriff „Payload“ hat seinen Ursprung im Transportwesen. Dort beschreibt „Nutzlast“ die Menge…