US cyber safety board to analyze Microsoft Exchange hack of govt emails
The Department of Homeland Security's Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud...
News
CISA: New Whirlpool Backdoor Used in Barracuda ESG Campaign
Security researchers have discovered a third novel backdoor that was used in attacks on users of Barracuda ESG appliances recently.The...
Researchers Suggest Ways to Tackle Thermal Attacks
Researchers at Glasgow University have identified 15 ways users and manufacturers could reduce the risk of thermal attacks to boost...
UK Government Slammed For Encryption Mistruths
The technology secretary has drawn the ire of encryption experts by repeating false claims and half-truths about the Online Safety...
#BHUSA: Security Risks to Boom in the Era of Widespread Generative AI Adoption
The security and privacy concerns around the use of generative AI today could be just the tip of a forming...
Multiple Flaws Found in the Avada WordPress Theme and Plugin
Multiple vulnerabilities have been identified in the widely used Avada theme and its accompanying Avada Builder plugin. These security flaws, uncovered...
DHS to Review Microsoft’s Security in Chinese Email Hack
The US Department of Homeland Security (DHS) has announced it will investigate Microsoft’s security practices in relation to the recent...
DroxiDat-Cobalt Strike Duo Targets Power Generator Network
A new variant of the SystemBC malware, paired with Cobalt Strike beacons, has been identified in a recent cyber-attack targeting...
Lapsus$ Hacker Group Exposed in Latest CSRB Report
The US Cyber Safety Review Board (CSRB) has issued a comprehensive report shedding light on the operations of the notorious...
US-CERT Vulnerability Summary for the Week of July 31, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...
Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116
Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome...
Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks...
Researchers Shed Light on APT31’s Advanced Backdoors and Data Exfiltration Tactics
The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a...
New SystemBC Malware Variant Targets Southern African Power Company
An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with...
CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual...
16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks
A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could...
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router
Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the...
Dell Compellent hardcoded key exposes VMware vCenter admin creds
An unfixed hardcoded encryption key flaw in Dell's Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter...
MoustachedBouncer hackers use AiTM attacks to spy on diplomats
Image: Midjourney A cyberespionage group named 'MoustachedBouncer' has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies...
Safeguarding Against Silent Cyber Threats: Exploring the Stealer Log Lifecycle
The first seven months of 2023 have seen a continued rapid evolution of the cybercrime ecosystem. Ransomware data exfiltration attacks,...
CISA: New Whirlpool backdoor used in Barracuda ESG hacks
Image: Midjourney The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor malware named 'Whirlpool' used in...
EvilProxy Campaign Fires Out 120,000 Phishing Emails
Researchers have warned of a new multi-factor authentication (MFA) phishing campaign targeting thousands of users, including a large share of...
NIST Expands Cybersecurity Framework with New Pillar
The US National Institute of Standards and Technology (NIST) has released a new draft version of its popular best practice...
Regulator: “Harmful” Web Design Could Break Data Protection Laws
The Information Commissioner’s Office (ICO) has warned UK companies that it will take enforcement action against those that use website...
