Sonatype Nexus Lifecycle Boosts Open Source Security and Dependency Management
Day: January 14, 2023
USENIX Security ’22 – Aloni Cohen, University of Chicago – ‘Attacks on Deidentification’s Defenses’
Distinguished Paper Award Winner. Our thanks to USENIX for publishing their Presenter’s outstanding...
Tesla Factories Pollute Schools? A Story Nobody is Talking About
From a long list of horrible societal harms from Tesla, some obviously criminal, this one surprised me...
Why Do User Permissions Matter for SaaS Security?
Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts...
New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks
A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious...
Microsoft January Patch Tuesday 2023: 98 Security Vulnerabilities and a Zero Day
On January 10th, 2023 Microsoft released their January Patch Tuesday fixes and revealed 98 vulnerability...
Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial...
Severe Security Flaw Found in “jsonwebtoken” Library Used by 22,000+ Projects
A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if...
Italian Users Warned of Malware Attack Targeting Sensitive Information
A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer...
Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App
A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a...
StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users
The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the...
Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security...
Dark Pink APT Group Targets Governments and Military in APAC Region
Government and military organizations in the Asia-Pacific region are being targeted by a previously unknown advanced...
Unlock Your Potential: Get 9 Online Cyber Security Courses for Just $49.99
Are you looking to take your career in the information security industry to the next...
Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks
A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools...
New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors
A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors...
Alert: Hackers Actively Exploiting Critical “Control Web Panel” RCE Vulnerability
Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP)...
Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System
Twitter on Wednesday said that its investigation found "no evidence" that users' data sold online...
Patch Where it Hurts: Effective Vulnerability Management in 2023
Data from a recently published Security Navigator report shows that businesses are still taking 215 days to patch a reported vulnerability....
Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk
Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully...
Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover
Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs)...
IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours
A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain...
FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors...
Get Unified Cloud and Endpoint Security: Only $1 for 1,000 Assets for all of 2023!
As the new year begins, it's more important than ever to protect...
Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of...
Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware
Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign...
Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers
Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082...
TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws
Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the...
Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability
A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security...
Malware Attack on CircleCI Engineer’s Laptop Leads to Recent Security Incident
DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged...