OWASP Releases Security Checklist for Generative AI Deployment
Chief information security officers now have a new tool at their disposal to get started with AI securely.The Open Web...
News
Russian-Aligned Network Doppelgänger Targets German Elections
A joint effort by SentinelLabs and ClearSky Cyber Security has uncovered a significant propaganda and disinformation campaign, possibly orchestrated by...
Multiple Vulnerabilities in VMware Enhanced Authentication Plug-in
VMware has released mitigating measures addressing multiple vulnerabilities (CVE-2024-22245 and CVE-2024-22250) impacting their Enhanced Authentication Plug-in (EAP).The vulnerabilities are:• CVE-2024-22245:...
Active Exploitation of Critical Vulnerability in WordPress Bricks Plug-in
WordPress has released security updates to address a critical vulnerability (CVE-2024-25600) impacting their Bricks Builder Plug-in. The vulnerability has a...
Multiple Vulnerabilities in VMware Enhanced Authentication Plug-in
VMware has released mitigating measures addressing multiple vulnerabilities (CVE-2024-22245 and CVE-2024-22250) impacting their Enhanced Authentication Plug-in (EAP).The vulnerabilities are:• CVE-2024-22245:...
Active Exploitation of Critical Vulnerability in WordPress Bricks Plug-in
WordPress has released security updates to address a critical vulnerability (CVE-2024-25600) impacting their Bricks Builder Plug-in. The vulnerability has a...
New Ssh Snake Malware Steals Ssh Keys To Spread Across The Network
A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally...
Screenconnect Critical Bug Now Under Attack As Exploit Code Emerges
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its...
Fraudsters Tried To Scam Apple Out Of 5 000 Iphones Worth Over 3 Million
Two Chinese nationals face 20 years in prison after being caught and convicted of submitting over 5,000 fake iPhones worth...
Microsoft Expands Free Logging Capabilities After May Breach
Microsoft has expanded free logging capabilities for all Purview Audit standard customers, including U.S. federal agencies, six months after disclosing...
Us Offers 15 Million Bounty For Info On Lockbit Ransomware Gang
The U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information...
Hackers Abuse Google Cloud Run In Massive Banking Trojan Campaign
Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like...
Us Govt Shares Cyberattack Defense Tips For Water Utilities
CISA, the FBI, and the Environmental Protection Agency (EPA) shared a list of defense measures U.S. water utilities should implement...
Joomla Fixes Xss Flaws That Could Expose Sites To Rce Attacks
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on...
Attacker Breakout Time Falls to Just One Hour
Security experts recorded a surge in “hands-on-keyboard” threats in 2023, with the average time it took to move laterally from...
NCSC Sounds Alarm Over Private Branch Exchange Attacks
The UK’s National Cyber Security Centre (NCSC) has warned smaller organizations that they could be exposed to attacks targeting their...
Russian Hackers Launch Email Campaigns to Demoralize Ukrainians
A Russian threat-actor is targeting Ukrainian citizens with email Psychological Operations (PSYOPs) campaigns aimed at making them believe Russia is...
IBM: Identity Compromises Surge as Top Initial Access Method for Cybercriminals
Cybercriminals are ditching hacking into corporate networks and are instead using legitimate credentials to access and compromise them, with a...
Exclusive: eSentire Confirms Rhysida Ransomware Victims
The Rhysida Ransomware Group has escalated its attacks, targeting hospitals, power plants and schools across the UK, Europe and the...
Over 40% of Firms Struggle With Cybersecurity Talent Shortage
Over 40% of companies globally are struggling to fill critical cybersecurity roles, particularly in information security research and malware analysis,...
Biden Executive Order to Bolster US Maritime Cybersecurity
US President Joe Biden will be issuing an Executive Order (EO) to strengthen US maritime cybersecurity amid increased reliance on...
Knight Ransomware Source Code For Sale After Leak Site Shuts Down
The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single...
Ransomware Groups Targeting Preferences And The Access Economy
How do ransomware groups pick their targets? It’s a rhetorical question: in the vast majority of cases they don’t. Ransomware-as-a-service...
Critical Infrastructure Software Maker Confirms Ransomware Attack
PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed...
