On June 20, 2024, government services were knocked offline as a cyberattack rocked the Indonesian National Data Center. Investigators would ...
Read More
SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execut...
Read More
DEF CON Calls for Cybersecurity Volunteers to Defend Critical Infrastructure
DEF CON conference organizations are looking for volunteers to join a Franklin initiative to help secure critical infrastructure and school ...
Read More
NIST Finalizes 3 Algorithms to Combat Future Quantum Cyber Threats
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has taken a step in safeguarding digital security ag...
Read More
New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining
Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultima...
Read More
Publishers Spotlight: F5
I was thrilled to catch up with F5 during Black Hat USA 2024. Years ago, when I started an innovative e-commerce company, we used their Big ...
Read More
CISA’s Shields Up and Shields Ready Programs: A Proactive Approach to Cybersecurity for Critical Infrastructure
Cyber threats are constantly evolving, targeting the very foundation of our nation’s security and economy. To combat this ever-present chall...
Read More
Earth Baku Using Customized Tools To Maintain Persistence And Steal Data
Earth Baku, an APT actor who initially focused on the Indo-Pacific region, has grown its activities extensively since late 2022. The group h...
Read More
Critical SSRF Vulnerability in Microsoft Azure Let Hackers Compromise Health Bot Services
Tenable Research has uncovered significant security vulnerabilities in Microsoft’s Azure Health Bot Service, a cloud platform designed to en...
Read More
China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa
The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, ...
Read More
Operation Uncle Scam – AI-Powered Phishing Attack Steals Microsoft Dynamics 365 Credentials
Security researchers at Perception Point have uncovered a sophisticated phishing campaign, dubbed “Uncle Scam.” In this AI-powered campaign,...
Read More
Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service
Cybersecurity researchers have discovered two security flaws in Microsoft's Azure Health Bot Service that, if exploited, could permit a ...
Read More
Why Hardsec Matters: From Protecting Critical Services to Enhancing Resilience
Traditionally, the focus has been on defending against digital threats such as malware, ransomware, and phishing attacks by detecting them a...
Read More
AMD Sinkclose Vulnerability Lets Attackers Most Privileged Portions Of a Computer
A Sinkclose vulnerability, which has been detected in AMD processors for decades, lets hackers obtain access to some of the most privileged ...
Read More
Ukraine Warns of New Phishing Campaign Targeting Government Computers
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign that masquerades as the Security Service of ...
Read More
Federal Appeals Court Finds Geofence Warrants Are “Categorically” Unconstitutional
In a major decision on Friday, the federal Fifth Circuit Court of Appeals held that geofence warrants are “categorically prohibited by th...
Read More
Google Manifest V3 and Malwarebytes Browser Guard
We wanted to update you on some changes that Google’s making, and what we’re doing in Browser Guard to keep you protected. This article has ...
Read More
How Phishing Attacks Adapt Quickly to Capitalize on Current Events
In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, acco...
Read More
FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability
The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potent...
Read More
EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files
The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a sp...
Read More
Unsolicited ‘Offensive’ Political Emails Stir Data Privacy Concerns in East London
As a result of an online mailing list that has been set up without any consent of the Tower Hamlets residents, content that is anti-Israel...
Read More
Best Active Directory Monitoring Tools – 2024
Monitoring an Active Directory (AD) involves tracking and analyzing business AD events and activity. Windows-based systems store and manage ...
Read More
Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More
Our Weekly Cybersecurity Newsletter is your personal radar that will help you to surf through the ever-changing digital threat landscape. Th...
Read More
Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: August 2024 Patch Tuesday forecast: Lookin...
Read More
Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share
As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be ass...
Read More
CSC ServiceWorks reveals 2023 data breach affecting thousands of people
The data breach is the latest security issue to beset CSC ServiceWorks over the past year, after multiple researchers found security bugs. ©...
Read More
New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distribu...
Read More
Critical OpenVPN Vulnerabilities Expose Millions of Devices to RCE Attack
Microsoft researchers have recently uncovered multiple medium-severity vulnerabilities in OpenVPN, a widely used open-source VPN software. O...
Read More
Microsoft Office Spoofing Vulnerability Let Attackers Steal Sensitive Data
Microsoft has disclosed a significant security vulnerability in its Office suite, identified as CVE-2024-38200, which could potentially allo...
Read More
Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users
Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eav...
Read More
Number of Incidents Affecting GitHub, Bitbucket, GitLab, and Jira Continues to Rise
The number of incidents affecting GitHub, Bitbucket, GitLab, and Jira is on the rise, leading to outages, human errors, cyberattacks, data b...
Read More
Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities
CISA is warning organizations about abuse of Cisco Smart Install feature, as Cisco is notifying customers about critical phone vulnerabiliti...
Read More
Elon Musk Shares Fake News Of UK Rioters Being Deported To Falklands
Owner of X, Elon Musk, deletes his post of faked article that claimed UK rioters would be deported to Falkland Islands This article has been...
Read More
Researchers Demonstrate How Hackers Can Exploit Microsoft Copilot
At the recent Black Hat USA conference, security researcher Michael Bargury unveiled alarming vulnerabilities within Microsoft Copilot, demo...
Read More
CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install...
Read More
AI Model Achieve 98% Accuracy in Collecting Threat Intelligence From Dark Web Forums
In a recent study, researchers from the Université de Montréal and Flare Systems have demonstrated that large language models (LLMs) can acc...
Read More
STAC6451 Hackers Attacking Microsoft SQL Servers to Compromise Organizations
A newly identified hacker group, designated as STAC6451, has been actively targeting Microsoft SQL (MSSQL) servers to compromise organizatio...
Read More
New Cmoon Worm Attacking Users Via Compromised Websites
Cybersecurity experts have uncovered a new worm named CMoon targeting users through compromised websites. This sophisticated malware can ste...
Read More
AMD Patches Multiple Memory Vulnerabilities That Leads Corrupt The Guest VM
Three potential vulnerabilities in Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) could allow an attacker to read or corru...
Read More
CrowdStrike Reveals Root Cause of Global System Outages
Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled mill...
Read More
Apple’s New macOS Sequoia Tightens Gatekeeper Controls to Block Unauthorized Software
Apple on Tuesday announced an update to its next-generation macOS version that makes it a little more difficult for users to override Gateke...
Read More
INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore
INTERPOL said it devised a "global stop-payment mechanism" that helped facilitate the largest-ever recovery of funds defrauded in ...
Read More
North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry
The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry...
Read More
Suspicious Minds: Insider Threats in The SaaS World
Everyone loves the double-agent plot twist in a spy movie, but it’s a different story when it comes to securing company data. Whether intent...
Read More
New Android Spyware LianSpy Evades Detection Using Yandex Cloud
Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cyber...
Read More
Enhancing Incident Response Readiness with Wazuh
Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome chall...
Read More
Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access
A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to...
Read More
New Android Trojan "BlankBot" Targets Turkish Users' Financial Data
Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal financia...
Read More
China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates
The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious software updat...
Read More
DoJ and FTC Sue TikTok for Violating Children's Privacy Laws
The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform ...
Read More
Subscribe to:
Posts (Atom)