Enterprise identity protection and cyber resilience startup Semperis Ltd. today announced the introduction of Okta Inc. security vulnerability scanning in its security assessment tool Purple Knight. The added support for Okta is the first time Semperis has expanded support outside of the Microsoft Corp. identity platforms of Active Directory and Entra ID. The new support ...

Researchers at application security testing firm Checkmarx Ltd. today detailed a previously unknown threat actor leveraging NPM packages to target developers to steal source code and secrets. The threat actor, believed to have been active since 2021 but undetected until now, has been publishing malicious NPM packages. The malicious packages were designed with the purpose of exfiltrating sensitive data ...

Researchers at Google LLC-owned cybersecurity firm Mandiant today warned that alleged Chinese attackers have and are continuing to target a zero-day vulnerability in Barracuda Networks Inc. devices successfully. The vulnerability in Barracuda’s Email Security Gateway, tracked as CVE-2023-2868, was patched in May. After the release of the patch, Mandiant and Barracuda did not identify evidence that any ...

A multinational task force headed by the U.S. Federal Bureau of Investigation and Dutch Police has taken down Qakbot, a prolific malware and botnet operation that was named in May the most successful malware family reaching inboxes. Qakbot, also known as QBot and Pinkslipbot, first emerged in 2008 and was historically known as a banking Trojan ...

Apple Inc. today announced that it will hold a launch event on Sept. 12 where it is expected to unveil iPhone 15 models and possibly other products. The event, dubbed “Wanderlust” by Apple (pictured), starts at 1o a.m. PDT and will be livestreamed on Apple’s website at the same time. As CNBC notes, Apple has ...

A new report released today by privileged access management company Delinea Inc. has found an increased gap in cyber insurance coverage as providers reduce their exposure and organizations ignore the fine print of cyber insurance policies. The 2023 State of Cyber Insurance report, based on a survey of organizations in the U.S., found that along ...

Security intelligence firm LogRhythm Inc. today announced a new partnership with file integrity monitoring company Cimcor Inc. to help organizations increase visibility and protect against modern cyberattacks. The partnership leverages LogRhythm’s security information and event management platform and Cimcor’s file integrity monitoring solution, CimTrak, to ingest integrity data that can identify zero-day, or unpatched, attacks, as well as ...

Security researchers are warning that a new wave of LockBit ransomware variants is in the wild following a leak of the source code used by the prolific ransomware gang last year. First emerging in 2020, the LockBit ransomware gang operates on a ransomware-as-a-service model where affiliates use already-developed ransomware to execute attacks. In its time, ...

The U.S. Securities and Exchange Commission today charged Impact Theory LLC, a Los Angeles-based entertainment company, for selling unauthorized securities for the company’s sale of nonfungible tokens in 2021, the first time the SEC has taken action against a company selling NFTs. Between October and December 2021, Impact Theory offered three tiers of NFTs known ...

Danish cloud hosting provider CloudNordic ApS has been struck by a ransomware attack that resulted in most customer data being lost and its systems rendered unusable. According to a statement on the company’s website, the ransomware attack took place on Aug. 18 local time, with those behind the attack shutting down all systems, including websites, ...