Drupalgeddon3: Third Critical Flaw Discovered
For the third time in the last 30 days, Drupal site owners are forced to patch their installations. As the Drupal team noted a few days ago, new versions of the Drupal CMS were released, to patch one more critical RCE vulnerability affecting Drupal 7 and 8 core.
The vulnerability, code-named Drupalgeddon3, exploits improper input validation in the Form API....
FS-ISAC 2018 Summit
<img src="https://info.digitalguardian.com/rs/768-OQW-145/images/fsi-isac-logo.png">
Digital Guardian will be presenting and exhibiting in Booth #69.Get tools, tips and recipes from our threat hunting experts.
Boca Raton | May 20-23 | Boca Raton Resort
- Read more
Analyst Insights – The 4 Questions for GDPR Success
Bloor Research
Analyst Insights – The 4 Questions for GDPR Success
This webinar was recorded April 26, 2018.
- Read more
DDoS attacks in Q1 2018
News overview
In early January, it was reported that an amateur hacker had come close to pulling off a botnet attack using “improvised” materials. Armed with information gleaned from hacker forums, the DIYer created a Trojan using a zero-day exploit in Huawei routers and released it online. The attack was soon nipped in the bud, but the wannabe cybercriminal could...
Supply Chain Risk: Time to Focus on Partners Ahead of GDPR Deadline
With the GDPR compliance deadline of May 25 almost upon us, recent events have highlighted the importance of locking down third-party risk. Attacks on supply chain partners, Facebook’s data leak scandal and a new report from the National Cyber Security Centre (NCSC) have all come at an opportune time to illustrate the potential liabilities facing firms.
The GDPR will require...
Five Critical Steps of a Complete Security Risk and Compliance Lifecycle
Five Critical Steps of a Complete Security Risk and Compliance Lifecycle #outlook a{ padding:0; } body{ width:100% !important; } .ReadMsgBody{ width:100%; } .ExternalClass{ width:100%; } body{ -webkit-text-size-adjust:none; } body{ margin:0; padding:0; } img{ border:0; height:auto; line-height:100%; outline:none; text-decoration:none; } table td{ border-collapse:collapse; } #backgroundTable{ height:100% !important; margin:0;...
Energetic Bear/Crouching Yeti: attacks on servers
Energetic Bear/Crouching Yeti is a widely known APT group active since at least 2010. The group tends to attack different companies with a strong focus on the energy and industrial sectors. Companies attacked by Energetic Bear/Crouching Yeti are geographically distributed worldwide with a more obvious concentration in Europe and the US. In 2016-2017, the number of attacks on companies...
Latest article
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows...
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency
Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online,...
Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans
Blake McDermott is Senior Threat Hunter at Rapid7.Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports...
Fake Software Tutorials on TikTok Spread Vidar Stealer
Threat actors push fake free-software tutorials on TikTok and Instagram to spread Vidar stealer - Read more
