Google to Block Entrust Certificates in Chrome Starting November 2024
Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024,...
News
Active Exploitation of Critical Vulnerability in MOVEit Transfer
Progress Software has released security updates to address a critical vulnerability (CVE-2024-5806) in MOVEit Transfer. The vulnerability has a CVSSv3.1...
Google Thwarts Over 10,000 Attempts by Chinese Influence Operator
Google blocked over 10,000 instances of Dragon Bridge activity in Q1 2024, a China-affiliated influence operator that pushes pro-People’s Republic...
TeamViewer Cyber-Attack Attributed to Russian APT Midnight Blizzard
Remote software provider TeamViewer has been hit by a cyber-attack that it has attributed to Russian state-affiliated threat actor Midnight...
Cyber Workforce Grows 15% at Large Organizations as Security is Prioritized
Large organizations have significantly strengthened their cyber workforce in 2024, according to cyber consultancy Wavestone.In its Cyber Benchmark 2024 report,...
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome...
GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others
GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run...
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining
Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security...
New SnailLoad Attack Exploits Network Latency to Spy on Users’ Web Activities
A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad...
Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors
The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS. SaaS continues to...
TeamViewer Detects Security Breach in Corporate IT Environment
TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately...
Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment
Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain...
Chinese State Actors Use Ransomware to Conceal Real Intent
Chinese APT groups with likely state backing are using ransomware in attacks to throw cybersecurity researchers off the scent and...
CISOs Reveal Firms Prioritize Savings Over Long-Term Security
A third (33%) of security leaders believe companies often sacrifice long-term security for cost savings. The data comes from Bugcrowd’s...
Operation First Light Seizes $257m in Global Scam Bust
Police forces from 61 countries have joined forces to dismantle online scam networks through Operation First Light 2024. The operation, orchestrated...
US Charges Russian Individual for Pre-Invasion Ukraine Hack
The US Department of Justice (DoJ) has charged a Russian national, Amin Timovich Stigal, aged 22, for hacking into and...
Majority of Critical Open Source Projects Contain Memory Unsafe Code
More than half (52%) of critical open source projects contain code written in a memory-unsafe language, according to a new...
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The...
How to Use Python to Build Secure Blockchain Applications
Did you know it's now possible to build blockchain applications, known also as decentralized applications (or "dApps" for short) in...
The Secrets of Hidden AI Training on Your Data
While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your...
Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code...
Mitigating Skeleton Key, a new type of generative AI jailbreak technique
In generative AI, jailbreaks, also known as direct prompt injection attacks, are malicious user inputs that attempt to circumvent an...
Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application
A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to...
Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion
A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against...
