In a recent development within the cybersecurity landscape, a new and previously unidentified threat actor known as Sandman has emerged, launching a series of cyber attacks against telecommunications providers across the Middle East, Western Europe, and the South Asian region. Analysts have noted that the tactics employed during these intrusions…
Scammers Targeting DocuSign APIs to Distribute Realistic Phishing Invoices In a concerning development within the cybersecurity landscape, scammers have identified a method to exploit DocuSign’s APIs to distribute counterfeit invoices. This phishing scheme particularly aims at well-known security software brands like Norton, making the fraudulent communications appear remarkably authentic. The…
Welcome to ISMG! Fill out your profile to keep informed Select Title LevelAnalytics/Architecture/EngineeringAttorney / General Counsel / CounselAVPBoard of DirectorsC-Level ExecutiveC-Level – OtherChief Commercial Officer (CCO)Chief Executive Officer (CEO) / PresidentChief Financial Officer (CFO)ChairpersonChief Information Officer (CIO)Chief Information Security Officer / Chief Security OfficerCISO/CSO/CIOChief Operating Officer (COO)Chief Risk Officer (CRO)Chief…
A new cyber threat has emerged, identified as “Cuttlefish,” specifically targeting small office and home office (SOHO) routers. This sophisticated malware aims to covertly monitor all traffic traversing these devices while collecting authentication data from HTTP GET and POST requests. According to a recent report from the Black Lotus Labs…
Cisco Systems has reported that a recent incident involving a misconfigured public-facing DevHub portal led to the unauthorized download of certain internal files by a threat actor. The company asserts that the compromised files do not contain sensitive information that could facilitate future breaches within its systems. This incident highlights…
The FBI has raised alarms about a rising trend of dual ransomware attacks targeting organizations, a phenomenon that has been increasingly observed since July 2023. These coordinated attacks involve the deployment of multiple ransomware variants against a single victim, with notable malware strains including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum,…
Gmail, frequently regarded as one of the safest email platforms, is currently grappling with a surge of security incidents that are alarming its user base. Insights from Google’s Threat Analysis team indicate that numerous Gmail users have fallen prey to advanced phishing schemes linked to a malicious security reset tactic…
Healthcare organizations are facing increasing cyber threats, prompting a critical need to reevaluate their security strategies, particularly concerning insider threats, cyber awareness training, and the protection of mobile applications and devices. This insight was shared by Ryan Witt, Vice President of Industry Solutions at Proofpoint, in light of findings from…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a significant vulnerability affecting GitLab in its Known Exploited Vulnerabilities (KEV) catalog, alerting the cybersecurity community to active exploitation. This vulnerability, designated as CVE-2023-7028, carries a CVSS score of 10.0, indicating its critical nature. It permits potential account takeover…
