Posted by Kim Lewandowski, Azeem Shaikh, Laurent Simon, Google Open Source Security Team
Contributors to the Scorecards project, an automated security tool that produces a “risk score”...
Day: July 10, 2021
The Hacker News – New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021
For years, security professionals have recognized the need to enhance SaaS security. However, the exponential adoption of Software-as-a-Service (SaaS) applications over 2020 turned slow-burning embers into...
The Hacker News – Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities
Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on...
The Hacker News – Microsoft’s Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability
Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix...
The Hacker News – Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files
While it’s a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain...
The Hacker News – Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration
Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data...
threatpost – How Fake Accounts and Sneaker-Bots Took Over the Internet
Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis. Recently, one of my friends from...
threatpost – Coursera Flunks API Security Test in Researchers’ Exam
The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data....
threatpost – Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign
A global effort to steal information from energy companies is using sophisticated social engineering to deliver Agent Tesla and other RATs. A sophisticated campaign targeting large...
threatpost – Lazarus Targets Job-Seeking Engineers with Malicious Documents
Notorious North Korean APT impersonates Airbus, General Motors and Rheinmetall to lure potential victims into downloading malware. The notorious Lazarus advanced persistent threat (APT) group has been identified...
threatpost – Cisco BPA, WSA Bugs Allow Remote Cyberattacks
The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more. A set of high-severity privilege-escalation vulnerabilities affecting Business Process Automation (BPA) application...
threatpost – Microsoft Office Users Warned on New Malware-Protection Bypass
Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it....