Offensive and Defensive AI: Let’s Chat(GPT) About It
ChatGPT: Productivity tool, great for writing poems, and… a security risk?! In this article, we show how threat actors can...
News
Experts Expose Farnetwork’s Ransomware-as-a-Service Business Model
Cybersecurity researchers have unmasked a prolific threat actor known as farnetwork, who has been linked to five different ransomware-as-a-service (RaaS)...
Confidence in File Upload Security is Alarmingly Low. Why?
Numerous industries—including technology, financial services, energy, healthcare, and government—are rushing to incorporate cloud-based and containerized web applications. The benefits are...
Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now
Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which...
SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities
The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting...
Migrating to post-quantum cryptography
Migrating to post-quantum cryptography In 2020, the NCSC published a white paper on https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography" target="_self">Preparing for Quantum-Safe Cryptography. This paper...
Iranian Hackers Launch Destructive Cyber Attacks on Israeli Tech and Education Sectors
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced...
Cybercrime service bypasses Android security to install malware
A new dropper-as-a-service (DaaS) cybercrime operation named 'SecuriDropper' has emerged, using a method that bypasses the 'Restricted Settings' feature in Android...
QNAP warns of critical command injection flaws in QTS OS, apps
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system...
Veeam warns of critical bugs in Veeam ONE monitoring platform
Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two...
US sanctions Russian who laundered money for Ryuk ransomware affiliate
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Russian national Ekaterina Zhdanova for laundering millions...
Critical Atlassian Confluence bug exploited in Cerber ransomware attacks
Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber...
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution (RCE) vulnerability previously...
Hackers exploit Looney Tunables Linux bug, steal cloud creds
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified...
Samsung Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Samsung Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of...
Security Agency Publishes Post-Quantum Guidance For Firms
The UK’s National Cyber Security Centre (NCSC) has released more information designed to help organizations migrate their systems to post-quantum...
Okta Breach Hit Over 130 Customers
A security breach at identity and access management (IAM) specialist Okta impacted over 130 of its customers, a handful of...
US, Japan and South Korea Unite to Counter North Korean Cyber Activities
The US, Japan and South Korea have established a high-level consultative body designed to counter North Korea’s cyber activities.A key...
Over Half of Users Report Kubernetes/Container Security Incidents
Cloud native development practices are creating dangerous new security blind spots for organizations in the US, UK, France and Germany,...
Russian National Sanctioned For Virtual Currency Money Laundering
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned a Russian national for her involvement...
Spy Trojan SpyNote Unveiled in Attacks on Gamers
The SpyNote Trojan, camouflaged as a mod for the game Roblox, has been observed targeting Android users. This mobile malware can...
US-CERT Vulnerability Summary for the Week of October 30, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocontec -- solarview_compact_firmwareAn issue in Contec SolarView Compact v.6.0 and before allows...
Iranian Hackers Launches Destructive Cyberattacks on Israeli Tech and Education Sectors
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced...
New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics
An updated version of an information stealer malware known as Jupyter has resurfaced with "simple yet impactful changes" that aim...
