Category: Security

Hacker Appreciation Month: Badge Awards
Celebrating the accomplishments of hackers is something we want to do year-round. However, we decided we wanted to root Cyber Security Awareness month and give it our own spin. At the start of October, as part of Hacker Appreciation Month,...

Researchers Detail New Malware Campaign Targeting Indian Government Employees
The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. “This group abuses Google advertisements for the purpose of malvertising to distribute backdoored...

Benefits of Vulnerability Assessment – A Detailed Guide
We all know that vulnerability assessment is very important nowadays, and that’s why most of companies use this assessment. Whether the company is small or it is a large IT sector, everyone needs to protect their company from cyberattacks, especially...

4 Major Benefits of Next Gen SIEM
Security analysts are up against more cyberattacks than ever, increased attack surfaces, and more protective tools on the cloud and premises than ever before. All of that is accompanied by cybersecurity experts that are leaving the field. Stress, poor company...

Why Identity & Access Management Governance is a Core Part of Your SaaS Security
Every SaaS app user and login is a potential threat; whether it’s bad actors or potential disgruntled former associates, identity management and access control is crucial to prevent unwanted or mistaken entrances to the organization’s data and systems. Since enterprises...

SandStrike Spyware Infecting Android Devices through VPN Apps
Did you know 38% of VPN apps on Google Play Store are plagued with malware? Nonetheless, the IT security researchers at Kaspersky have discovered that threat actors are increasingly relying on SandStrike spyware that is specifically impacting Android devices. The...

Hacker AFK: the_arch_angel
Today’s hacker the_arch_angel JXoaT: What was your first experience with hacking growing up? the_arch_angel: I actually didn’t do any hacking growing up. It wasn’t until post-college that I started showing interest in computer security. Growing up, I had seen movies with...

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers. “These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain...

Server-side attacks, C&C in public clouds and other MDR cases we observed
Introduction This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took...

How I Found My Next Mission In Cybersecurity
Trevor Granger is a Technical Manager in Operations, Federal. He has 18 years of service and is currently in Officer Training School for the Air Force. I was a freshman in high school when September 11th, 2001 happened. I will...

Leaked Amazon Prime Video Server Exposed Users Viewing Habits
Remember when a Chinese server leaked 7GB worth of data including fake Amazon reviews? Well now, an Elasticsearch database dubbed Sauron was left unprotected in cyberspace without any security authentication. According to security researcher Anurag Sen, the database was stored...

Samsung Galaxy Store Flaw Allows Remote Attacker to Run Code on Affected Phones
A security flaw in the Galaxy Store allows attackers to trigger remote code execution on affected smartphones. The now patched vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep...