CISA warns of breach risks from IDOR web app vulnerabilities
CISA warned today of the significant breach risks linked to insecure direct object reference (IDOR) vulnerabilities impacting web applications in...
Year: 2023
New Android malware uses OCR to steal credentials from images
Two new Android malware families named 'CherryBlos' and 'FakeTrade' were discovered on Google Play, aiming to steal cryptocurrency credentials and...
CISA: New Submarine malware found on hacked Barracuda ESG appliances
CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies'...
The Week in Ransomware – July 28th 2023 – New extortion tactics
With ransom payments declining, ransomware gangs are evolving their extortion tactics to utilize new methods to pressure victims. This was...
Ivanti patches new zero-day exploited in Norwegian govt attacks
Ivanti has fixed another vulnerability in the Endpoint Manager Mobile software (formerly MobileIron Core), exploited as a zero-day to breach the IT systems...
Linux version of Abyss Locker ransomware targets VMware ESXi servers
The Abyss Locker operation is the latest to develop a Linux encryptor to target VMware's ESXi virtual machines platform in...
Twitter’s rebranding to ‘X’ triggers Microsoft Edge security alert
Microsoft Edge web browser has been displaying security warnings after Twitter changed its name to 'X'. Amid its rapid rebranding...
MOVEit Campaign Claims Millions More Victims
Another 8–11 million individuals are believed to have had their personal information compromised by the Clop ransomware gang after a...
Australia and US Issue Warning About Web App Threats
The Australian and US governments have issued a joint advisory about the growing cyber-threats to web applications and application programming...
North Korean Hackers Bag Another $100m in Crypto Heists
North Korea’s infamous Lazarus hacking group has been linked to two new attacks on cryptocurrency firms which led to the...
Microsoft Accused of Negligence in Recent Email Compromise
A US Senator has demanded that the Whitehouse holds Microsoft to account for a Chinese cyber campaign that compromised US...
SSNDOB Marketplace Admin Pleads Guilty
A Ukrainian man has pleaded guilty to charges connected with his role as an administrator of notorious cybercrime marketplace SSNDOB.Vitalii...
Security Serious Unsung Heroes Awards 2023 Open for Nominations
Nominations are open for the eighth annual Security Serious Unsung Heroes Awards to be held in London and run by Eskenzi PR.The...
40% of Ubuntu Cloud Workloads Vulnerable to Exploits
Two high-priority vulnerabilities have been discovered in the OverlayFS module of Ubuntu Linux, impacting approximately 40% of Ubuntu cloud workloads. According...
New Study Reveals Forged Certificate Attack Risks
New research has highlighted the severe risks posed by forged certificate attacks, which can lead to unauthorized access to important...
UK MoD Error Sends Emails to Russia’s Ally Instead of US
The UK’s Ministry of Defence (MoD) is launching an investigation after a typing error reportedly led to classified emails being...
CISA: CISA Releases Analysis of FY22 Risk and Vulnerability Assessments
CISA Releases Analysis of FY22 Risk and Vulnerability Assessments CISA has released an analysis and infographic detailing the findings from...
CISA: Apple Releases Security Updates for Multiple Products
Apple Releases Security Updates for Multiple Products Apple has released security updates to address vulnerabilities in multiple products. An attacker...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...
CISA: CISA Releases Four Industrial Control Systems Advisories
CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on July 25, 2023. These...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse The Australian Signals Directorate’s Australian Cyber...
CISA: CISA Releases Five Industrial Control Systems Advisories
CISA Releases Five Industrial Control Systems Advisories CISA released five Industrial Control Systems (ICS) advisories on July 27, 2023. These...
