Author: Admin

The botnet uses a tactic called crypto clipping, which relies on malware to steal cryptocurrency during a transaction, says Check Point Research. Image: iStock/bagotaj Botnets are a popular tool used by cybercriminals to control a network of compromised machines for malicious purposes. And as botnets get more sophisticated, the level of damage they can inflict grows. A new botnet variant discovered by cyber threat intelligence provider Check Point Research employs a unique method to steal…

The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks. The DHS says that it is launching the “Hack DHS” bug bounty program to “identify potential cybersecurity vulnerabilities within certain DHS systems and increase the Department’s cybersecurity resilience.” According to the DHS, whose Alejandro Mayorkas announced the initiative at the Bloomberg Technology Summit, “Hack DHS”…

The Ransomware as a Service (RaaS) landscape underwent another major shift in the third quarter as new variants emerged to become the dominant players in the ecosystem, according to Intel 471. In a new update, the threat intelligence company explained that 60% of the attacks it tracked during the period were tied back to four variants: LockBit 2.0, Conti, BlackMatter and Hive. Of these, LockBit 2.0 was the most prolific, accounting for a third (33%)…

The need for API management platforms has escalated over the past decade. Leveraging the power of sharing information, much of the data swapping on the internet nowadays happens automatically through APIs, making the once obscure way for developers to organize their software a vital corporate tool for organizing any business dependent on data. A good enterprise API management tool today can interact with code running both inside the enterprise and out in the wilds of…

In September 2021, Tripwire released its annual report to examine the actions taken by the U.S. federal government to improve cybersecurity. The report also looks at non-government organizations so that we may catch a glimpse of the differing views and approaches of each, which makes for interesting (and revealing) insights. The results of such surveys are also worthy of examination and discussion, as they are relevant to the United States and offer us an opportunity to…

On December 9th 2021, Apache published a zero-day vulnerability (CVE-2021-44228) for Apache Log4j being referred to as “Log4Shell.” This vulnerability has been classified as “Critical” with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges. If you are currently working to identify instances of this vulnerability, Tripwire can help. Tripwire IP360 can be configured to detect the vulnerability through application scanning. IP360’s ASPL-978 includes multiple checks for identifying instances of the…