Severe Flaws in Major E2EE Cloud Storage Services Exposed
Recent research unveils critical vulnerabilities in popular end-to-end encrypted (E2EE) cloud storage services, shaking user trust in these platforms. Severe...
News
Curbing Spyware and Hack-for-Hire: Recommendations from Think Tanks
British think tanks emphasize the urgent need for action to address the misuse of spyware and hack-for-hire services, highlighting factors...
LLMjacking and Open-Source Tool Abuse: A Surge in 2024 Cloud Attacks
In 2024, cloud-based cyber-attacks have surged dramatically, with LLMjacking and the abuse of open-source tools emerging as significant threats to...
SEC Charges Tech Companies for Misleading Disclosures on SolarWinds Hack
The SEC has charged four technology firms for misleading disclosures linked to the SolarWinds hack, raising critical cybersecurity awareness. The...
Phishing Attack Affects 92,554 Transak Users: Key Insights
A recent phishing attack has impacted over 92,000 Transak users, revealing vulnerabilities in security protocols. Transak, a prominent fiat-to-crypto payment...
75% of US Senate Campaign Websites Lack DMARC Protection: A Security Concern
A staggering 75% of US Senate campaign websites are not using Domain-based Message Authentication, Reporting and Conformance (DMARC), making them...
Facial Recognition Technology: Meta’s New Strategy Against Celeb-Bait Scams
Meta is leveraging facial recognition technology to combat celeb-bait scams and enhance account recovery methods on its platforms. Meta has...
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to...
Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers
Details have emerged about a now-patched security flaw in Styra's Open Policy Agent (OPA) that, if successfully exploited, could have...
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according...
Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum...
A Comprehensive Guide to Finding Service Accounts in Active Directory
Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they...
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way...
Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as...
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its...
Unmanaged Long-Lived Cloud Credentials Put Organizations at Risk
Nearly half of organizations, specifically 46%, are facing significant security challenges due to unmanaged long-lived cloud credentials, according to Datadog's...
Nidec Ransomware Attack: Over 50,000 Files Exposed
In a troubling incident, the Nidec ransomware attack in August 2024 led to the exposure of over 50,000 sensitive documents...
Stolen Access Tokens Trigger New Breach at Internet Archive
Stolen access tokens have led to alarming security concerns for the Internet Archive, highlighting the need for rigorous cybersecurity measures....
Bumblebee Loader Resurgence: Insights from Netskope Report
The Bumblebee malware loader may be staging a comeback months after a major operation disrupted its activities in May 2024....
Guidance on Commercial AI Products: Best Practices for Australian Businesses
Australian businesses now have essential guidance on best practices for using commercial AI products, as outlined by the Office of...
US-CERT Vulnerability Summary for the Week of October 14, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Guide: The Ultimate Pentest Checklist for Full-Stack Security
Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics...
THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 – Oct 20)
Hi there! Here's your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems...
Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed...