Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

The North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns.
“Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API,” SecurityScorecard’s

The Hacker News – ​Read More

Mirai Variant ‘Aquabot’ Exploits Mitel Device Flaws

Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.

darkreading – ​Read More

New Zyxel Zero-Day Under Attack, No Patch Available

GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available.

The post New Zyxel Zero-Day Under Attack, No Patch Available appeared first on SecurityWeek.

SecurityWeek – ​Read More

MGM Resorts settles lawsuits after millions of customer records stolen in data breaches

A court filing says 37 million MGM customers had personal data stolen in the cyberattacks.

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More

Oligo Raises $50M to Tackle Application Detection and Response

Oligo Security has raised $50 million in Series B funding for its application detection and response (ADR) platform.

The post Oligo Raises $50M to Tackle Application Detection and Response appeared first on SecurityWeek.

SecurityWeek – ​Read More

Maryland healthcare network forced to shut down IT systems after ransomware attack

Frederick Health Medical Group, which operates a hospital and other healthcare facilities northwest of Baltimore and Washington, D.C., took systems offline in response to a ransomware attack.

The Record from Recorded Future News – ​Read More

Clutch grabs $20M to build out its non-human security ID platform

When it comes to the world of cybersecurity, identity is often thought of as a “perimeter” around an organization. So many breaches begin through techniques like password theft, phishing, and credential stuffing; ergo, securing the identities of not only users, but also applications and machines, is the key to securing the whole system.  Easier said […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More

The Old Ways of Vendor Risk Management Are No Longer Good Enough

Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.

darkreading – ​Read More

Top 8 Penetration Testing Tools to Enhance Your Security

Penetration testing is vital in keeping an organization’s digital assets secure. Here are the top picks among the latest pen testing tools and software.

Security | TechRepublic – ​Read More

Engineering giant Smiths Group says hackers accessed its systems during cyberattack

U.K.-based engineering giant Smiths Group has confirmed a cybersecurity incident involving “unauthorized access” to its systems. The London-listed company, which operates across multiple sectors including energy, security, aerospace and defense, said Tuesday that it is currently “managing” the incident. The company said it isolated affected systems and activated its business continuity plans, implying a disruptive […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More