Symbiote: Linux malware ‘nearly impossible to detect’ threat
Researchers have discovered a new Linux malware dubbed Symbiote, a ‘nearly impossible to detect’ threat.
Symbiote: Linux malware ‘nearly impossible to detect’ threat Read More »
Cybersecurity Threat Center
Google releases Chrome 102 (102.0.5005.115) security updates with fixes for 4 High severity vulnerabilities
eleased Chrome version 102.0.5005.115 for Windows, Mac and Linux, with fixes for seven vulnerabilities (four rated High severity).
DevSecOps best practices to secure cloud-native and microservices-based applications
The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204C “Implementation of DevSecOps for a Microservices-based Application with Service Mesh.” The guidelines include many best practices on how organizations and secure their CI/CD pipeline and enhance the software delivery processes.
DevSecOps best practices to secure cloud-native and microservices-based applications Read More »
Threat actor TA2541 targets aviation industry to distribute AsyncRAT
Researchers from Proofpoint have spotted an advanced persistent threat actor (APT) dubbed TA2541 that has been targeting entities in the aviation industry to distribute AsyncRAT malware.
Threat actor TA2541 targets aviation industry to distribute AsyncRAT Read More »
CISA: Take these urgent steps to protect your organization against potential critical cybersecurity threats
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new CISA Insights guideline document with steps organizations can take against potential critical cybersecurity threats.
U.S. government releases advisories and indictments related to “sophisticated Chinese state-sponsored activity”
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have observed “sophisticated Chinese state-sponsored activity” targeting multiple public and private sectors in the United States.
CIS Controls Version 8
The Center of Internet Security (CIS) in coordination with the SANS Institute and through a consortium of security experts, U.S. agencies such as the NSA, coordinated the CIS Controls Version 8 (formerly known as “Critical Security Controls” or CSC) to help simplify and prioritize list of controls that would have the greatest impact to an organization in improving risk posture against cyber threats.
CIS Controls Version 8 Read More »
Microsoft releases emergency patches for Exchange Server RCE vulnerabilities exploited in the wild (Updated)
Microsoft has released emergency out-of-band security updates to fix multiple Critical vulnerabilities impacting Microsoft Exchange Server 2013, 2016 and 2019, collectively known as “ProxyLogon.” The tech giant also published interim mitigations if organizations can not patch immediately, as well as an IOC detection tool.