US-CERT Vulnerability Summary for the Week of December 25, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
News
The Definitive Enterprise Browser Buyer’s Guide
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a...
Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in ‘Incognito Mode’
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking...
The Biggest Cybersecurity And Cyberattack Stories Of 2023
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day...
The Law Enforcement Operations Targeting Cybercrime In 2023
In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development,...
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be...
New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could...
New JinxLoader Targeting Users with Formbook and XLoader Malware
A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook...
Android Game Devs Google Drive Misconfig Highlights Cloud Security Risks
Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely...
New Black Basta Decryptor Exploits Ransomware Flaw To Recover Files
Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for...
Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. "These threats are...
Top 5 Marketing Tech SaaS Security Challenges
Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach,...
Hospitals Ask Courts To Force Cloud Storage Firm To Return Stolen Data
Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack...
Steam Game Mod Breached To Push Password Stealing Malware
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push...
The Week In Ransomware December 29th 2023 Lockbit Targets Hospitals
It's been a quiet week, with even threat actors appearing to take some time off for the holidays. We did...
Malware Abuses Google Oauth Endpoint To Revive Cookies Hijack Accounts
Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log...
Critical Vulnerability in Apache OFBiz
Apache has released updates addressing a critical vulnerability (CVE-2023-51467) in their OFBiz Enterprise Resource Planning (ERP) system. The vulnerability has...
Albanian Parliament and One Albania Telecom Hit by Cyber Attacks
The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country's...
Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks
Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools...
Critical Vulnerability in Apache OFBiz
Apache has released updates addressing a critical vulnerability (CVE-2023-51467) in their OFBiz Enterprise Resource Planning (ERP) system. The vulnerability has...
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28...
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat...
Easypark Discloses Data Breach That May Impact Millions Of Users
Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December...
Kroll Reveals Ftx Customer Info Exposed In August Data Breach
Risk and financial advisory company Kroll has released additional details regarding the August data breach, which exposed the personal information...
