Authors/Presenters:Yiran Zhang, Qingkai Meng, Chaolei Hu, Fengyuan Ren Our sincere thanks to USENIX, and the Presenters & Authors for pu...
Read More
US indicts two over socially engineered $230M+ crypto heist
Just one victim milked of nearly a quarter of a billion bucks Two individuals are in cuffs and facing serious charges in connection to a maj...
Read More
CISA Releases Six New Advisories For Industrial Control Systems
The Cybersecurity and Infrastructure Security Agency (CISA) has issued six new advisories concerning industrial control systems (ICS) on Sep...
Read More
GitLab Urges Organizations To Patch For Authentication Bypass Vulnerability
GitLab, the popular DevOps platform, has issued a critical security advisory urging organizations to immediately patch their self-managed Gi...
Read More
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. T...
Read More
Valencia Ransomware crew explodes on the scene, claims California city, fashion giant, more as victims
Boasts ‘appear to be credible’ experts tell El Reg A California city, a Spanish fashion giant, an Indian paper manufacturer, and two pharmac...
Read More
Wherever There's Ransomware, There's Service Account Compromise. Are You Protected?
Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Ident...
Read More
New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit
The cryptojacking operation known as TeamTNT has likely resurfaced as part of a new campaign targeting Virtual Private Server (VPS) infrastr...
Read More
CISA Warns of Five Vulnerabilities Actively Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding five critical vulnerabilities that are be...
Read More
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an ...
Read More
Cyber Attack on Security Firm Dr.Web Forces Servers Disconnection
In a recent cyberattack, Russian cybersecurity firm Doctor Web (Dr.Web) was forced to disconnect all its servers to mitigate the threat and ...
Read More
23andMe Agrees to $30 Million Settlement Over Data Breach Impacting 6.9 Million Customers
23andMe has agreed to pay $30 million and provide three years of security monitoring as part of a settlement to resolve a lawsuit alleging...
Read More
What is Block Cipher? – How it Works, Definition & Types
Block ciphers are a fundamental component of modern cryptography, crucial in securing data across various digital platforms. Unlike stream c...
Read More
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging
The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said i...
Read More
Chrome 129 Released With Fix for 9 Security Flaws
Google has announced the release of Chrome 129, which is now available on the stable channel for Windows, Mac, and Linux users. This update ...
Read More
VMware vCenter Server Vulnerabilities Let Attackers Execute Remote Code
VMware has disclosed two critical security vulnerabilities affecting its vCenter Server and Cloud Foundation products that could allow attac...
Read More
At least nine dead, thousands hurt in Lebanon after Hezbollah pagers explode
Eight-year-old among those slain, Israel blamed, Iran’s Lebanese ambassador wounded, it’s reported Lebanon says at least nine people, includ...
Read More
Apple iOS 18 Released with Fixes for 32 Security Vulnerabilities
Apple has released iOS 18, addressing a total of 32 security vulnerabilities across various components of its operating system. This compreh...
Read More
PoC Exploit Ivanti Endpoint Manager Remote Code Execution Vulnerability
Ivanti Endpoint Manager, a widely used IT management software, has discovered a critical security vulnerability. CVE-2024-29847 vulnerabilit...
Read More
Securing SAP Systems: Essential Strategies to Protect Against Hackers
Due to its wide acceptance, SAP has become a favorite target for hackers. With the ubiquity of SAP Enterprise Resource Planning (ERP) system...
Read More
US government expands sanctions against spyware maker Intellexa
This latest round of government sanctions lands months after Intellexa’s founder Tal Dilian was sanctioned for selling the Predator spyware....
Read More
Methodology for incident response on generative AI workloads
The AWS Customer Incident Response Team (CIRT) has developed a methodology that you can use to investigate security incidents involving gene...
Read More
North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware
Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to...
Read More
Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure
Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk ...
Read More
Trends and dangers in open-source software dependencies
A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation cost...
Read More
Azure API Management Vulnerability Let Users Escalate Privileges
A critical vulnerability was recently discovered in Azure API Management (APIM) that allowed users with Reader-level access to escalate thei...
Read More
Ford’s Latest Patent: A Step Toward High-Tech Advertising or Privacy Invasion?
Among those filed recently is one from Ford for a system that gathers driver data to personalise in-car advertisements, which raises lots ...
Read More
Florida Healthcare Data Leak Exposes Thousands of Doctors and Hospitals
A data breach at Florida-based recruitment firm MNA Healthcare has left sensitive information of over 14,000 healthcare workers and 10,000...
Read More
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw ma...
Read More
New Linux Malware Exploiting Oracle Weblogic Servers
Oracle WebLogic Server is an application server that is primarily designed to develop, deploy, and manage enterprise applications based on J...
Read More
IT Security News Daily Summary 2024-09-14
CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe USENIX Security ’23 – On the Feasibility of Malwa...
Read More
Cryptocurrency Scams Surge in 2023, FBI Reports Record $5.6 Billion in Losses
Despite cryptocurrency no longer dominating the headlines like it did during the 2021 to 2022 boom, cybercriminals are still leveraging it...
Read More
GitLab Warns of Critical Pipeline Execution Vulnerability
GitLab released updates covering versions 17.1.7, 17.2.5, and 17.3.2 for GitLab Community Edition (CE) and Enterprise Edition (EE), addressi...
Read More
Kawasaki Europe Confirms Cyber Attack, RansomHub Claims Responsibility
Kawasaki Motors Europe (KME) has officially confirmed it was the target of a cyberattack in early September, causing temporary disruptions t...
Read More
Port of Seattle Confirms August Cyberattack by Rhysida Ransomware
The Port of Seattle has confirmed that the Rhysida ransomware gang orchestrated the cyberattack that disrupted its systems and operations in...
Read More
USENIX Security ’23 – Security Analysis of MongoDB Queryable Encryption
Authors/Presenters:Zichen Gui, Kenneth G. Paterson, Tianxin Tang Many thanks to USENIX for publishing their outstanding USENIX Security ’23 ...
Read More
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London ...
Read More
Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw
Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress ...
Read More
SquareX, Awarded Rising Star Category in CybersecAsia Readers’ Choice Awards 2024
SquareX has been named a winner of the prestigious Rising Star category in CybersecAsia Readers’ Choice Awards 2024 Awards, due to its outst...
Read More
White hat heroes—Your introduction to ethical hacking
Let’s face it—hacking has always had a certain allure. Cult films like Hackers made it look cool, while The Matrix introduced the world to a...
Read More
Threat Actor Claims Fortinet Data Breach via Third-Party Service
A threat actor claimed unauthorized access to a third-party cloud-based file-sharing service used by Fortinet. The incident reportedly affec...
Read More
Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking
Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. ...
Read More
Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe
The Irish Data Protection Commission (DPC) has announced that it has commenced a "Cross-Border statutory inquiry" into Google'...
Read More
Criminal IP Teams Up with IPLocation.io to Deliver Unmatched IP Solutions to Global Audiences
Criminal IP, a distinguished leader in Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, announced that it has successful...
Read More
Kali Linux 2024.3 Released with 11 New Hacking Tools
The Kali Linux team has released Kali Linux 2024.3, the latest iteration of their popular penetration testing and ethical hacking distributi...
Read More
DoJ Distributes $18.5 Million to Western Union Fraud Victims
The U.S. Department of Justice has distributed $18. 5m to about 3000 victims of fraud facilitated by Western Union. This is part of the seco...
Read More
What is Buffer Overflow?
Buffer overflow is a critical vulnerability in computer security that has persisted for decades. Despite technological advancements and secu...
Read More
Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding as...
Read More
Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilit...
Read More
Microsoft Security Update, 4 Zero-days & 79 Vulnerabilities Fixed
Microsoft’s September 2024 Patch Tuesday has addressed a significant number of security vulnerabilities, including four zero-day exploits an...
Read More
Subscribe to:
Posts (Atom)