%term

Supply Chain Attack Targeting 3CX Softphone Application

Mar 30, 2023 By James Liolios In Arctic Wolf

On Wednesday, March 29, 2023, details of unexpected malicious activity observed from the legitimate and cryptographically signed 3CX SoftPhone Desktop App application were shared in a blog post by security researchers at Crowdstrike.

Read Post

Arctic Wolf

Read more about Supply Chain Attack Targeting 3CX Softphone Application

16 Ways Cloud WAFs are Better than On-Premise WAFs

Mar 30, 2023 By Indusface In Indusface

A Web Application Firewall (WAF) is a security solution designed to protect web applications from various attacks, including SQL injection, cross-site scripting (XSS), and others. There are two types of WAF: on-premise and cloud-based.

Read Post

Indusface

Read more about 16 Ways Cloud WAFs are Better than On-Premise WAFs

Weekly Cyber Security News 30/03/2023

Mar 30, 2023 By Kevin In ionCube24

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. If during the past week you panicked when you went to do a push to git, and saw the alarm that your connection could be compromised, don’t worry, github just rotated keys because…

Read Post

ionCube24

Read more about Weekly Cyber Security News 30/03/2023

Elevate your AWS Experience: Unleash the Power of Veeam BaaS with David Johnson and Sagi Brody

Mar 30, 2023 By Opti9 In Opti9

In this video, we're taking a deep dive into the world of Veeam's BaaS solutions on AWS. You'll get an insider's perspective on navigating this powerful tool, optimizing your backup strategy, and ensuring seamless recovery. With Industry Leaders David Johnson and Sagi Brody! Unleash the Potential of Your AWS Environment! In this highly informative webinar, we bring you two renowned experts in AWS Marketplace: David Johnson, Head of Business Development at AWS Marketplace, and Sagi Brody, CTO at Opti9.

View Video

Opti9

Read more about Elevate your AWS Experience: Unleash the Power of Veeam BaaS with David Johnson and Sagi Brody

The Evolution of Qakbot: How Cato Networks Adapts to the Latest Threats

Mar 30, 2023 By Zohar Buber In Cato Networks

The world of cybersecurity is a never-ending battle, with malicious actors constantly devising new ways to exploit vulnerabilities and infiltrate networks. One such threat, causing headaches for security teams for over a decade, is the Qakbot Trojan, also known as Qbot. Qakbot has been used in malicious campaigns since 2007, and despite many attempts to stamp it out, continues to evolve and adapt in an attempt to evade detection.

Read Post

Cato Networks

Read more about The Evolution of Qakbot: How Cato Networks Adapts to the Latest Threats

What You Need to Know About the 3CX Supply Chain Attack

Mar 30, 2023 By Shmuel Gihon In Cyberint

A supply chain attack that targets customers of the 3CX Voice Over Internet Protocol (VoIP) desktop client has been discovered. Threat actors have created a digitally signed and malicious version of the software, which is being used to target both Windows and macOS users of the app. The threat actors are deploying second-stage payloads and are believed to be linked to a North Korean state-backed hacking group, , although this attribution has not been confirmed.

Read Post

Cyberint

Read more about What You Need to Know About the 3CX Supply Chain Attack

More Security. Less Tool Switching

Mar 30, 2023 By Jeanette Sherman In Mend

“Well, yeah, I can give the devs a new security tool, but I can’t make them use it.” I was mid-way through dinner with an old college friend when he dropped this into the conversation. I’d told him I wanted to pick his brain about security issues and tools, but told him no matter what, I wouldn’t start to deliver a pitch. Well, I kept my promise, but I think I must have given my tongue a bruise from biting it.

Read Post

Mend

Read more about More Security. Less Tool Switching

EP 24 - Making the Leap to Post-Quantum Computing Encryption

Mar 30, 2023 By CyberArk In CyberArk

Quantum computing is coming and it has the potential to be both exciting and terrifying… On today’s episode of Trust Issues, host David Puner speaks with cryptographer Dr. Erez Waisbard, CyberArk’s Technology and Research Lead, about quantum computing innovation and its cybersecurity implications – from data encryption to surveillance and privacy. Dr.

Read Post

CyberArk

Read more about EP 24 - Making the Leap to Post-Quantum Computing Encryption

Defend against insider threats with LimaCharlie

Mar 30, 2023 By Christopher Luft In LimaCharlie

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) defines insider threat as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization.” The nature of insider threats is fairly wide-ranging. Most of us in the security field will naturally think of insider threats in cybersecurity terms, but CISA’s definition includes things like espionage, terrorism, and workplace violence.

Read Post

LimaCharlie

Read more about Defend against insider threats with LimaCharlie

Anonymous Sudan: Religious Hacktivists or Russian Front Group?

Mar 30, 2023 By Trustwave In Trustwave

The Trustwave SpiderLabs research team has been tracking a new threat group calling itself Anonymous Sudan, which has carried out a series of Distributed Denial of Service (DDoS) attacks against Swedish, Dutch, Australian, and German organizations purportedly in retaliation for anti-Muslim activity that had taken place in those countries.

Read Post