Pro CISO’s Threat Intelligence service identifies collections of Bitwarden password manager credentials on the Darkweb

How the CL0P ransomware group exploits a zero day vulnerability of the MOVEit file transfer product, to attack their victims, encrypt their data and demand a ransom to decrypt the files.

"Stealer" malware is the new silent threat. Targeting anyone, both individuals and organizations, with the objective to harvest credentials and sensitive information from user devices and sell them on the Darkweb

Why did cybersecurity become a business risk? Because of ransomware ? Or maybe, because of something we've all heard about called: the Digital Transformation (DX) ?

When it isn't practical to integrate all corporate apps with SSO, it's still possible to adopt an overlay solution, that is integrated with SSO, providing MFA and central access and control to applications.

Interesting precedent over the 2016 Uber Data Breach sentence, concerning the CISO's responsibility in a cybersecurity incident

The US FBI, CISA, and Australian Cyber Security Centre (ACSC) release a joint Cybersecurity Advisory to warn about the emerging BianLian ransomware and data extortion group

Dashlane Enterprise Password Manager is the first to support Passkeys

Dashlane releases its new Confidential SSO feature to allow users to securely and seamlessly log into Dashlane with their existing company SSO credentials.

Phishing is one of the most successful entry points for attackers to compromise an organization. CISA provides an Infographic to help both individuals and companies to be more protected.

Researchers at Leiden Institute of Advanced Computer Science find many fake proof-of-concept (PoC) exploits for vulnerabilities on GitHub, many of them including malware.

The Dutch National Police trick the DeadBolt ransomware gang, by reversing the Bitcoin ransom payments, after receiving the decryption keys for multiple victims.

Mandiant uncovers a new type of malware that targets ESXi Hypervisors, Linux vCenters and SAN arrays, through which attackers gain undeteced privileged access to the underlining virtual machines.

Attackers spam users with MFA push notifications, until they finally accept by error or just because they are overwhelmed. This is becoming more common way of bypassing MFA.

Microsoft releases Defender standalone for Android, Apple iOS, macOS and of course Windows, for customers having a Microsoft 365 home or business subscription

CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination

The Five Eyes (FVEY) intelligence alliance warns managed service providers (MSPs) and their customers around increasing supply chain attacks.

Apple, Google and Microsoft today jointly announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium

Windows Autopatch will keep Windows and Office software on enrolled endpoints up-to-date automatically

Trend Micro Threat Research identify malicious actors actively exploiting the Spring4Shell vulnerability to weaponize and execute the Mirai DDoS botnet malware.

The new juvenile data extortion group, LAPSUS$, has taken big organizations by surprise with their old-fashioned social engineering attacks

A new vulnerability in the Spring Framework for Java Development Kit (JDK) version 9.0 or later. Exposes millions of systems to compromise, similarly to the Log4j vulnerability,

The Cyber Incident Reporting Act introduces new cybersecurity reporting requirements that will apply to businesses in almost every major sector of the economy.

The Microsoft Defender for IoT research team has discovered the method through which MikroTik devices are used in Trickbot’s C2 infrastructure. 

The German BSI federal cybersecurity agency suggests to uninstall Kaspersky antivirus, assuming that it could find itself being used against its management's will to harm instead of protect its customers