In a Tuesday testimony before the Senate Judiciary Committee, FBI Director Christopher Wray stated that “there is no country that poses a more severe counterintelligence threat to this country right now than China.” Wray also warned that Russia is still “absolutely intent” on interfering in the 2020 US presidential election.
The identities of three members of China-linked hacking group APT17 (aka Deputy Dog or Axiom) have been exposed by a group of anonymous cybersecurity researchers known as Intrusion Truth. By doxing three individuals that seemed to be part of APT17, Intrusion Truth revealed that one of them is an officer of
Earlier this week, US cybersecurity firm Immunity Inc. announced that it has added a functional BlueKeep exploit to its commercial pen-testing toolkit called CANVAS v7.23. BlueKeep, tracked as CVE-2019-0708, impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. It is a very dangerous flaw because it could be
A new global survey conducted by CyberArk indicates that half of organizations have little confidence in their cyber defenses and actually believe that threat actors can break into their networks whenever they want to. When it comes to threats to their critical assets, organizations are mostly worried about hackers (78%),
Rapid7 has released a new report combining data from 180 real-world penetration tests carried out in enterprise environments. The research indicates that the data protection efforts of nearly all organizations (96%) are seriously undermined by at least one serious flaw in their systems. Moreover, pentesters managed to obtain at least
Tenable researchers have uncovered a remote code-execution (RCE) flaw affecting the VPN software offered by Palo Alto Networks. The vulnerability, tracked as CVE-2019-1579, was inadvertently fixed in the latest versions of the software, even though the company was unaware of it at the time. However, older versions of the VPN
A recent survey by Cyren and Osterman Research found that 4 in 10 companies in the US and the UK have experienced the compromise of Office 365 login credentials, with incidents being more common in the UK (54%) than in the US (34%). Furthermore, when taking into account all organizations,
FireEye researchers recently uncovered a new phishing campaign by Iranian state-backed cyber espionage group APT34 (aka OilRig or Greenbug) that took advantage of LinkedIn. Masquerading as a Cambridge University lecturer on LinkedIn, the threat actors invited people to connect with them. If a victim accepted the connection, the hackers would
The Russian Federal Security Service (FSB) suffered the biggest data leak in its history after a hacking group operating under the name 0v1ru$ recently obtained unauthorized access to the network of Sytech, a contractor for the FSB. After stealing 7.5TB of data from Sytech, 0v1ru$ shared the information with a
Last Friday, threat actors hacked into the London Metropolitan Police’s account for the MyNewsDesk public relations platform, and used their access to post unauthorised messages on the Met’s website and to send out unusual Tweets and emails from official Met accounts. The Met has launched an investigation into the incident.