Iranian Group Cobalt Sapling Targets Saudi Arabia With New PersonaThe findings come from cybersecurity experts at Secureworks' Counter Threat UnitLeer másThe findings come from cybersecurity experts...
Month: January 2023
Is Once-Yearly Pen Testing Enough for Your Organization?
Is Once-Yearly Pen Testing Enough for Your Organization?Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even...
Researchers Uncover Connection b/w Moses Staff and Emerging Abraham’s Ax Hacktivists Group
Researchers Uncover Connection b/w Moses Staff and Emerging Abraham's Ax Hacktivists GroupNew research has linked the operations of a politically motivated hacktivist group known as Moses...
Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA
Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSAProof-of-concept (Poc) code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI...
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]Lastest episode - listen now! (Or read the transcript.)Leer másNaked SecurityLastest episode - listen now! (Or read...
Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation
Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence OperationGoogle on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a...
Happy 13th Birthday, KrebsOnSecurity!
Happy 13th Birthday, KrebsOnSecurity!KrebsOnSecurity turns 13 years old today. That’s a crazy long time for an independent media outlet these days, but then again I’m bound...
U.S. sues Google for abusing dominance over online ad market
U.S. sues Google for abusing dominance over online ad marketThe U.S. Justice Department has filed a federal lawsuit today against Google for abusing its dominant position in...
Identity Thieves Bypassed Experian Security to View Credit Reports
Identity Thieves Bypassed Experian Security to View Credit ReportsIdentity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big...
Microsoft shares workaround for unresponsive Windows Start Menu
Microsoft shares workaround for unresponsive Windows Start MenuMicrosoft has confirmed an issue causing the Windows Start menu to become unresponsive and some applications to no longer...
VMware fixes critical security bugs in vRealize log analysis tool
VMware fixes critical security bugs in vRealize log analysis toolVMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain...
Ransomware access brokers use Google ads to breach your network
Ransomware access brokers use Google ads to breach your networkA threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware,...
US Maritime Administrator to study port crane cybersecurity concerns
US Maritime Administrator to study port crane cybersecurity concernsThe 2023 National Defense Authorization Act (NDAA) passed by Congress and signed by President Biden in late December...
Microsoft 365 outage takes down Teams, Exchange Online, Outlook
Microsoft 365 outage takes down Teams, Exchange Online, OutlookMicrosoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues. [...]Leer...
European data protection authorities issue record €1.65 billion in GDPR fines
European data protection authorities issue record €1.65 billion in GDPR finesEuropean data regulators issued a record €1.65 billion in fines last year, a 50% increase from...
DigiCert releases Trust Lifecycle Manager to unify certificate management, PKI services
DigiCert releases Trust Lifecycle Manager to unify certificate management, PKI servicesDigital security certificate company DigiCert has announced the launch of DigiCert Trust Lifecycle Manager – a...
New stealthy Python RAT malware targets Windows in attacks
New stealthy Python RAT malware targets Windows in attacksA new Python-based malware has been spotted in the wild featuring remote access trojan (RAT) capabilities to give its...
How attackers might use GitHub Codespaces to hide malware delivery
How attackers might use GitHub Codespaces to hide malware deliveryAttackers could start abusing GitHub Codespaces, a new service that allows developers to create and test applications...
Esquema de fraude masivo afectó a más de 11 millones de móviles
Esquema de fraude masivo afectó a más de 11 millones de móvilesLos investigadores cerraron un esquema de fraude publicitario «expansivo» que falsificó más de 1.700 aplicaciones...
Requirements for Cyber Insurance are Changing…Fast!
Requirements for Cyber Insurance are Changing…Fast!The landscape of cyber risks continues to create a sea change affecting many areas of the industry. From regulatory compliance mandates...
Lessons Learned from the Windows Remote Desktop Honeypot Report
Lessons Learned from the Windows Remote Desktop Honeypot ReportOver several weeks in October of 2022, Specops collected 4.6 million attempted passwords on their Windows Remote Desktop...
Microsoft Patch Tuesday, January 2023 Edition
Microsoft Patch Tuesday, January 2023 EditionMicrosoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the...
Drupal core – Moderately critical – Information Disclosure – SA-CORE-2023-001
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-001Project: Drupal coreDate: 2023-January-18Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Information DisclosureAffected versions: >=8.0.0 =9.5.0 =10.0.0 Description: The...
Delincuentes promocionan malware a través de anuncios de búsqueda de Google
Delincuentes promocionan malware a través de anuncios de búsqueda de GoogleBasándose en la creación de sitios falsos y pautando para que la página salga en los...
Falla crítica en Cisco Unified Communications Manager
Falla crítica en Cisco Unified Communications ManagerCisco corrigió una falla de inyección SQL de alta gravedad, rastreada como CVE-2023-20010 (puntaje CVSS de 8.1), en Unified Communications...
ChatGPT – Revolutionary AI or handy tool in the hands of cybercriminals?
ChatGPT – Revolutionary AI or handy tool in the hands of cybercriminals?ChatGPT (https://openai.com/blog/chatgpt/) is a variant of the GPT (Generative Pre-trained Transformer) language model that is...
Brecha de seguridad en Mailchimp permite robo de datos (Sí, de nuevo)
Brecha de seguridad en Mailchimp permite robo de datos (Sí, de nuevo)El popular servicio de marketing por correo electrónico y boletines Mailchimp ha revelado otra brecha...
MSA-23-0003: Possible to set the preferred "start page" of other users
MSA-23-0003: Possible to set the preferred "start page" of other usersby Michael Hawkins. Insufficient limitations on the "start page" preference made it possible to set that...
El malware Emotet regresa con nuevas técnicas de evasión
El malware Emotet regresa con nuevas técnicas de evasiónLa operación de malware Emotet ha seguido refinando sus tácticas en un esfuerzo por pasar desapercibido, al mismo...
Remote.it takes steps toward zero trust with ‘single line of code’ provisioning
Remote.it takes steps toward zero trust with 'single line of code' provisioningNetwork management company Remote.it today announced new features for its core SaaS-based service, including support...