Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet.The vulnerability, patched by Zoho last November, affects multiple Zoho ManageEngine products and can be reached over the internet to launch code execu

Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities to exploit vulnerabilities, evade defenses, or coerce users to infect their devices.In a blog post documenting its research into four known macOS ransomwar

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that could be exposed by brute-forcing or guessing master passwords.The company, which is owned by GoTo (formerly LogMeIn), said the hackers broke into its network in August and used information from that hack

The leading hospital in India’s capital limped back to normalcy on Wednesday after a cyberattack crippled its operations for nearly two weeks.Online registration of patients resumed Tuesday after the hospital was able to access its server and recover lost data. The hospital worked with federal authorities to restore the system and strengthen its defenses.It’

Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a long, slow, painful slog for most organizations around the world.According to telemetry data from vulnerability scanning pioneer Tenable, more than 70 percent of scanned organizations remain vulnerable to t

Security researchers at Proofpoint are calling attention to the discovery of a commercial red-teaming tool called Nighthawk, warning that the command-and-control framework is likely to be abused by threat actors.According to a new report from Proofpoint, Nighthawk is an advanced C2 framework sold by MDSec, a European outfit that sells adversary simulation an

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many or

The U.S. government on Wednesday issued a blunt recommendation for organizations running VMWare Horizon servers: Initiate threat-hunting activities to find and expel Iranian APT actors that used the Log4j crisis to slip undetected into corporate networks.According to a joint advisory from CISA and the FBI, Iranian government-sponsored hackers hit at least on

Israeli early-stage startup Akeyless has banked a whopping $65 million in venture capital funding to build technology to help businesses manage credentials, certificates, keys and other secrets flowing through multi-cloud environments.The $65 million Series B investment brings the total raised by Akeyless to $80 million and provides runway for the company’s

The zero-day attacks against Microsoft’s software products are showing no signs of slowing down.For the second consecutive month, the world’s largest software maker rushed out patches to cover vulnerabilities that were already exploited as zero-days in the wild, including a pair of belated fixes for Microsoft Exchange Server security defects targeted by a st

Each year between June and November, many parts of the U.S. become potential targets for hurricanes. In October 2022, we had Hurricane Ian devastate Florida. To prepare for natural disasters like hurricanes, organizations are encouraged to build out and test business continuity, disaster recovery, and crisis management plans to use in the response efforts.

Cybersecurity firm SafeBreach has issued a warning about a new PowerShell backdoor that disguises itself as part of the Windows update process to remain fully undetected.Operated by a sophisticated, unknown threat actor, the backdoor is distributed via a malicious Word document that appears linked to a LinkedIn-based job application spear-phishing lure.When

California startup Bolster, Inc. has raised $15 million in venture capital funding to build a fraud prevention platform for businesses.The early-stage funding round was led by Cervin, Liberty Global Ventures, and Cheyenne Ventures with participation from previous investors Thomvest Ventures and Crosslink Capital.  Bolster has so far raised approxim

European venture capital and private equity firm Smartfin on Tuesday announced a deal to acquire Hex-Rays, the Belgian company behind the widely deployed IDA Pro software disassembler.Financial terms of the acquisition were not released but Smartfin said IDA Pro creator Ilfak Guilfanov joined a consortium of investors putting cash back into the restructured

Microsoft on Tuesday released software fixes to address more than 90 security defects affecting products in the Windows ecosystem and warned that one of the vulnerabilities was already being exploited as zero-day in the wild.The exploited vulnerability – documented as CVE-2022-41033 – affects the Windows COM+ event system service and has been exploited in el