A new Pro-Ocean cryptojacking malware targets popular cloud applications including ApacheMQ, Oracle Weblogic and Redis. The malware contains four modules that execute to hide, mine cryptocurrency, watchdog and infect systems.
Security researchers have identified the source of a SQL Server malware “MrbMiner” attacks allegedly tied to an Iranian software firm.
Security firm FireEye has published new Microsoft 365 tools and hardening strategies to defend against SolarWinds attackers, also known as UNC2452.
The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a 'grave risk' to critical infrastructure, government and private sector organizations.
Security experts from Microsoft have observed a cyber threat actor dubbed GADOLINIUM that uses new attack techniques via cloud services and open source tools.
Security researchers at Intezer Labs detected a new Linux malware dubbed "Doki" and cyber attack that uses blockchain wallet for generating command and control (C2) domain names.
Microsoft has released new Zero Trust guidance for Azure Active Directory (Azure AD). The guidance is part of a broader "Zero Trust Security Strategy" to help organizations provide more secure access to corporate resources.
In the wake of Coronavirus / COVID-19 pandemic, Microsoft has issued sound guidance for security leaders to improve remote worker security. Tech companies are also offering small businesses free access to online collaboration tools during the outbreak.
The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.
Remote conferencing service company, Zoom, has patched a vulnerability that could allow a bad actor to eavesdrop on your company's online meetings.