InfoSec News & Tutorials
News
The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more than five million users. At the end of July, a…
Every time you go online, someone is watching over you. The services you use, the websites you visit, the apps on your phone, smart TVs, gaming consoles, and any networked…
Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using…
Google on Thursday released security updates to address a new zero-day vulnerability, tracked as CVE-2022-4135, impacting the Chrome web browser. Google rolled out an emergency security update for the desktop…
Cybernews investigated a data sample available for sale containing up-to-date mobile phone numbers of nearly 500 million WhatsApp users. Original post published by Cybernews: https://cybernews.com/news/whatsapp-data-leak/ On November 16, an actor…
An international law enforcement operation has dismantled an online phone number spoofing service called iSpoof. An international law enforcement operation that was conducted by authorities in Europe, Australia, the United States,…
The British government banned the installation of Chinese-linked security cameras at sensitive facilities due to security risks. Reuters reports that the British government ordered its departments to stop installing Chinese…
RansomExx ransomware is the last ransomware in order of time to have a version totally written in the Rust programming language. The operators of the RansomExx ransomware (aka Defray777 and…
Researchers warn of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. Experts at the Cybereason Global SOC (GSOC) team have observed a…
Microsoft reported that hackers have exploited flaws in a now-discontinued web server called Boa in attacks against critical industries. Microsoft experts believe that threat actors behind a malicious campaign aimed at…
The shopping event of the year, Black Friday, is almost here, and while the big day does not officially arrive until Friday, November 25th, deals are already starting. The day…
Decentralization can make enterprises more agile but it also makes IT and network security more complex. Creating a strong security culture, deploying the right tools, and defining an incident response…
This blog entry looks at the characteristics of a new WannaRen ransomware variant, which we named Life ransomware after its encryption extension. If you like the site, please consider joining…
Pro-Russian hacker collective Killnet took down the European Parliament website with a DDoS cyberattack. The Pro-Russia group of hacktivists Killnet claimed responsibility for the DDoS attack that today took down…
The operators behind the Ducktail information stealer continue to improve their malicious code, operators experts warn. In late July 2022, researchers from WithSecure (formerly F-Secure Business) discovered an ongoing operation,…
Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone…
Microsoft released an out-of-band update to fix problems tied to a recent Windows security patch that caused Kerberos authentication issues. Microsoft released an out-of-band update to address issues caused by…
The gang behind Quantum Locker used a particular modus operandi to target large enterprises relying on cloud services in the NACE region. Executive Summary Quantum Locker gang demonstrated capabilities to…
Cybersecurity incidents were plentiful in 2022, causing many problems for industrial infrastructure owners and operators. However, luckily, we did not see any sudden or catastrophic changes in the overall threat…
This is the first edition of our policy analysis and observations of trends in the regulation of cyberspace, and cybersecurity, within the Kaspersky Security Bulletin. This year so far has…
A look back on the year 2022 and what to expect in 2023 Every year, as part of the Kaspersky Security Bulletin, we predict which major trends will be followed…
Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP). It’s no secret that cyber security has…
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
A researcher revealed how to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. An anonymous researcher publicly disclosed a series…