Source: www.bleepingcomputer.com – Author: Sergiu Gatlan A threat actor known as Spyboy is promoting a tool called “Terminator” on a Russian-speaking hacking forum that can allegedly...
Day: June 1, 2023
Hackers exploit critical Zyxel firewall flaw in ongoing attacks – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install...
Stealthy SeroXen RAT malware increasingly used to target gamers – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas A stealthy remote access trojan (RAT) named ‘SeroXen’ has recently gained popularity as cybercriminals begin using it for its low...
Toyota finds more misconfigured servers leaking customer info – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners’ personal information for over seven years....
7 Stages of Application Testing: How to Automate for Continuous Security – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sponsored by Outpost24 With cyber-attacks becoming more sophisticated, organizations are becoming increasingly aware of the importance of safeguarding their web applications against...
Dark Pink hackers continue to target govt and military organizations – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations...
BrandPost: Cybercriminals are abusing security tools—here’s how we’re stopping them – Source: www.csoonline.com
Source: www.csoonline.com – Author: About | When you have comprehensive security, the future is yours to build. Learn about the strategies and solutions to secure your...
Gigabyte firmware component can be abused as a backdoor – Source: www.csoonline.com
Source: www.csoonline.com – Author: Attackers can abuse the UEFI firmware to inject executable malware code into the Windows kernel, compromising systems. Researchers warn that the UEFI...
Inactive, unmaintained Salesforce sites vulnerable to threat actors – Source: www.csoonline.com
Source: www.csoonline.com – Author: Research highlights the risks posed by inactive Salesforce sites that continue to pull sensitive business data and can be easily exploited by...
Trellix, Netskope announce new Amazon Security Lake support to enhance threat detection, remediation – Source: www.csoonline.com
Source: www.csoonline.com – Author: Trellix expands XDR support for Amazon Security Lake while Netskope integrates its SSE platform with AWS’ centralized security data service. Cybersecurity vendors...
Barracuda patches zero-day vulnerability exploited since October – Source: www.csoonline.com
Source: www.csoonline.com – Author: The vulnerability stemmed from incomplete input validation of user-supplied .tar files as it pertains to the names of the files contained within...
BrandPost: Business risk is a critical component of cloud-native application protection – Source: www.csoonline.com
Source: www.csoonline.com – Author: About | Security resilience for the unpredictable to connect and protect every part of your business. Withstand the unforeseen and emerge stronger...
How CISOs can achieve more with less during uncertain economic times – Source: www.cybertalk.org
Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: At the beginning of 2023, CISOs were optimistic about the prospect of higher budgets for cyber security, anticipating continued...
RSAC Fireside Chat: Reinforcing ‘Identity and Access Management’ to expose ‘shadow access’ – Source: www.lastwatchdog.com
Source: www.lastwatchdog.com – Author: bacohido By Byron V. Acohido The world of Identity and Access Management (IAM) is rapidly evolving. Related: Stopping IAM threats IAM began...
New “Migraine” Flaw Enables Attackers to Bypass MacOS Security – Source: www.infosecurity-magazine.com
Source: www.infosecurity-magazine.com – Author: 1 A new vulnerability has been discovered in macOS that allows attackers with root access to bypass System Integrity Protection (SIP) and...
SpinOk Trojan Compromises 421 Million Android Devices – Source: www.infosecurity-magazine.com
Source: www.infosecurity-magazine.com – Author: 1 A new Android Trojan has been discovered by security researchers that potentially compromised 421 million devices. The Doctor Web team unveiled...
IDSA: Only 49% of Firms Invest in Identity Protection Before Incidents – Source: www.infosecurity-magazine.com
Source: www.infosecurity-magazine.com – Author: 1 Only 49% of leadership teams proactively invest in identity protection solutions before a security incident. Just 29% take action to support...
Chrome 114 Released With 18 Security Fixes – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Google this week announced the release of Chrome 114 to the stable channel with a total of 18 security fixes...
Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Researchers at firmware and hardware security company Eclypsium discovered that hundreds of motherboard models made by Taiwanese computer components giant...
Breaking Enterprise Silos and Improving Protection – Source: www.securityweek.com
Source: www.securityweek.com – Author: Matt Wilson As networks become atomized, the need for specialization comes into play. Infrastructure is spread across legacy, on-premises, hybrid, multi-cloud, and...
Spyware Found in Google Play Apps With Over 420 Million Downloads – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Antivirus company Doctor Web has identified spyware in over 100 Android applications that had more that 421 million cumulative downloads...
Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire An automatic update pushed to roughly five million WordPress sites over the past few days addresses a critical vulnerability introduced...
Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs A zero-day vulnerability affecting Barracuda Networks email security appliances has been exploited to deploy malware and steal data from organizations...
5 free OSINT tools for social media – Source: www.welivesecurity.com
Source: www.welivesecurity.com – Author: Martina López A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook...
Tricks of the trade: How a cybercrime ring operated a multi‑level fraud scheme – Source: www.welivesecurity.com
Source: www.welivesecurity.com – Author: Roman Cuprik A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target...
Warning! WordPress Plugin ”Gravity Forms” Vulnerable to PHP Object Injection – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Researchers revealed that the largely used WordPress plugin ”Gravity Forms” is vulnerable to unauthenticated PHP Object Injection. The flaw was...
MacOS Vulnerability Enables Hackers to Bypass SIP Root Restrictions – Source: heimdalsecurity.com
Source: heimdalsecurity.com – Author: Livia Gyongyoși Researchers discovered an Apple vulnerability that threat actors can use to deploy undeletable malware. In order to exploit CVE-2023-32369, hackers...
CommonSpirit Health reports that ransomware attack cost $160 million
Catholic health system and nonprofit hospital chain CommonSpirit Health has said that a ransomware attack it suffered in October 2022 cost the company US$160 million. Ransomware...
Data of more than 470,000 hacking site members leaked
More than 470,000 members of dark web hacking site RaidForums have had their data leaked by Exposed, another hacking forum. Members of the forums would put...
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining – Source:thehackernews.com
Source: thehackernews.com – Author: . May 31, 2023Ravie LakshmananServer Security / Cryptocurrency A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi...