Sygnia’s recent report highlights the changing strategies of ransomware groups targeting VMware ESXi appliances. These attackers exploit vital virtual infrastructure to disrupt operations and remain hidden in compromised networks. ESXi appliances have become prime targets due to their role in hosting vital virtual machines. “Damaging them renders virtual machines inaccessible, …
Read More »
MITRE launched D3FENDTM 1.0, a cybersecurity framework that provides a vocabulary and understanding of the cyber domain. D3FEND 1.0, funded by the NSA and the U.S. Department of Defense, offers a flexible and user-friendly framework for cybersecurity operations and strategic decision-making. D3FEND was initially released as a beta in June …
Read More »
Last year saw a significant rise in cyber threats, with malware becoming more advanced and attack strategies more sophisticated. A report by ANY.RUN, an interactive malware analysis platform, noted that 2024 experienced the highest levels of complex malware threats in the global cybersecurity landscape. Surge in Malware Activity: In 2024, …
Read More »
U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a second security flaw affecting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products to its Known Exploited Vulnerabilities (KEV) catalog, noting that it is actively being exploited. CVE-2024-12686 is a medium-severity vulnerability (CVSS score: 6.6) that could let an attacker …
Read More »
India has made strides in cybersecurity by clarifying ministerial roles in September 2024 and implementing a National Security Directive that limits telecom infrastructure procurement to trusted sources. It is also considering similar protocols for other vital sectors like power. To address the shortage of cybersecurity professionals, the government is investing …
Read More »
A deceptive proof-of-concept exploit for CVE-2024-49113, known as “LDAPNightmare,” on GitHub spreads infostealer malware that steals sensitive data and sends it to an external FTP server. Trend Micro discovered a case where hackers trick users into infecting themselves with malware. Trend Micro reports a malicious GitHub repository that seems to …
Read More »
In 2025, malware attacks will persist. To prepare, organizations should familiarize themselves with common malware families. Here are five to focus on now. LockBit: LockBit is a major ransomware targeting Windows devices and is a significant threat in Ransomware-as-a-Service (RaaS) attacks. Its decentralized structure has allowed it to infiltrate high-profile …
Read More »
Launched in July 2023, the new US Cyber Trust Mark allows smart devices from participating vendors to showcase their cyber resilience through the prominent display of the Cyber Trust Mark logo. “Americans have many ‘smart’ wireless interconnected devices in their homes, from baby monitors to home security cameras to voice-activated …
Read More »
On Friday, the Indian government released the draft Digital Personal Data Protection Rules, requiring social media and online platforms to obtain verifiable consent from parents before children can create accounts. Parents must validate their identity and age using voluntary identity proof issued by a recognized legal entity or the government, …
Read More »
Microsoft recently shared a vision for the future of American technology and economic competitiveness, highlighting Artificial Intelligence (AI) as central to this change. The company views AI as “the electricity of our age,” capable of boosting innovation and productivity across all sectors. Microsoft’s vision rests on three pillars: Advancements in …
Read More »
InfoSecBulletin Cybersecurity for mankind