CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds
A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business...
News
Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software
Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it...
Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates
A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong...
New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App
A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under...
Critical Adobe ColdFusion Flaw Added to CISA’s Exploited Vulnerability Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known...
New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC
A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor...
Sneaky Amazon Google ad leads to Microsoft support scam
A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks...
Ivanti warns of new actively exploited MobileIron zero-day bug
US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in...
Japanese watchmaker Seiko breached by BlackCat ransomware gang
The BlackCat/ALPHV ransomware gang has added Seiko to its extortion site, claiming responsibility for a cyberattack disclosed by the Japanese...
TP-Link smart bulbs can let hackers steal your WiFi password
Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link’s Tapo...
Cuba Ransomware Group Steals Credentials Via Veeam Exploit
A notorious Russian-speaking ransomware group has updated its attack tooling to include a Veeam exploit designed to harvest logins, according...
Police Insider Tipped Off Criminal Friend About EncroChat Bust
An intelligence analyst working for police in the North West of England shared information about a major countrywide operation with...
Government Urges More Students to Be Cyber Explorers
The government is urging more schools to enrol their students in a government scheme designed to boost cyber skills, claiming...
Deceptive AI Bots Spread Malware, Raise Security Concerns
Cyber-criminals have been exploiting fraudulent artificial intelligence (AI) bots to attempt and install malicious software under the guise of genuine...
New NCUA Rule Requires Swift Cyber Incident Reporting
Federally insured credit unions have been notified by the National Credit Union Administration (NCUA) of a new regulation set to...
New Chrome Feature Alerts Users About Malicious Extensions
Google has announced an update set to be introduced in Chrome 117. This new feature aims to proactively inform users...
US Space Industry Under Threat from Foreign Cyber Espionage
Foreign intelligence services could use direct and supply chain cyber-attacks to gain access to the US space industry, according to US...
US-CERT Vulnerability Summary for the Week of August 14, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infofoldingathome -- client_advanced_controlAn issue was discovered in FoldingAtHome Client Advanced Control GUI...
HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack
The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting...
How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes
From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation...
This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers
Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them...
Cuba ransomware uses Veeam exploit against critical U.S. organizations
Image: Midjourney The Cuba ransomware gang was observed in attacks targeting critical infrastructure organizations in the United States and IT...
US-CERT Vulnerability Summary for the Week of August 7, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info phoenixcontact -- wp_6xxx_series In PHOENIX CONTACTs WP 6xxx series web panels...
Rust devs push back as Serde project ships precompiled binaries
Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary. The move has generated a fair...
