16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks
A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could...
News
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router
Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the...
Dell Compellent hardcoded key exposes VMware vCenter admin creds
An unfixed hardcoded encryption key flaw in Dell's Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter...
MoustachedBouncer hackers use AiTM attacks to spy on diplomats
Image: Midjourney A cyberespionage group named 'MoustachedBouncer' has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies...
Safeguarding Against Silent Cyber Threats: Exploring the Stealer Log Lifecycle
The first seven months of 2023 have seen a continued rapid evolution of the cybercrime ecosystem. Ransomware data exfiltration attacks,...
CISA: New Whirlpool backdoor used in Barracuda ESG hacks
Image: Midjourney The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor malware named 'Whirlpool' used in...
EvilProxy Campaign Fires Out 120,000 Phishing Emails
Researchers have warned of a new multi-factor authentication (MFA) phishing campaign targeting thousands of users, including a large share of...
NIST Expands Cybersecurity Framework with New Pillar
The US National Institute of Standards and Technology (NIST) has released a new draft version of its popular best practice...
Regulator: “Harmful” Web Design Could Break Data Protection Laws
The Information Commissioner’s Office (ICO) has warned UK companies that it will take enforcement action against those that use website...
Fresh Blow to PSNI Security as Second Data Breach Disclosed
A further breach of personal data of serving officers from the Police Service of Northern Ireland (PSNI) was confirmed on...
#BHUSA: DARPA Challenges AI Pros to Safeguard US Infrastructure
“I’m going to do something I’ve never done before.” Those were Jeff Moss’s words during his August 9 opening speech...
#BHUSA: ESET Unmasks Cyber-Espionage Group Targeting Embassies in Belarus
In a revelation made during Black Hat USA, cybersecurity provider ESET unveiled the discovery of a novel threat actor engaged...
Potent Trojans Targeting MacOS Users
Threat actors are becoming more efficient at targeting Mac users through MacOS tailored malware, according to Bitdefender’s macOS Threat Landscape...
#BHUSA: Only 22% of Firms Have Mature Threat Intelligence Programs
Only 22% of organizations have achieved a fully matured threat intelligence program, revealed a new report by cybersecurity solutions provider...
#BHUSA: US National Security Agency Announces Codebreaker Challenge Theme
US coastguards discovered an unknown signal 30 miles outside the continental United States. The US National Security Agency (NSA) is...
#BHUSA: White House, DARPA and CISA Ask for Help in Securing Open Source Software
“When I worked on a report from the US Cyber Safety Review Board about the Log4j vulnerability, I was stunned...
New York Introduces First-Ever Statewide Cybersecurity Strategy
Governor Kathy Hochul has introduced New York's first-ever statewide cybersecurity strategy, reinforced by a $600m commitment. The strategy emerges as a...
APT31 Linked to Recent Industrial Attacks in Eastern Europe
The threat actor APT31 (AKA Judgment Panda and Zirconium) has been linked to recent industrial attacks in eastern Europe, according...
US-CERT Vulnerability Summary for the Week of July 31, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...
New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks
Malicious actors are using a legitimate Rust-based injector called Freezers to deploy a commodity malware called XWorm in victim environments....
New Statc Stealer Malware Emerges: Your Sensitive Data at Risk
A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal...
Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue...
Encryption Flaws in Popular Chinese Language App Put Users’ Typed Data at Risk
A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that...
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking...
