Exploit released for Microsoft SharePoint Server auth bypass flaw
Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. Tracked...
News
ShinyHunters member pleads guilty to $6 million in data theft damages
Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit...
Discord is investigating cause of ‘You have been blocked’ errors
Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a...
The Week in Ransomware – September 29th 2023 – Dark Angels
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout...
US-CERT Vulnerability Summary for the Week of September 18, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- cyber_protect_home_officeSensitive information disclosure due to insecure folder permissions. The following...
Post-Quantum Cryptography: Finally Real in Consumer Apps?
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is...
Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc...
Microsoft’s AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular...
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain...
Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217,...
Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel...
New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On
Data security is in the headlines often, and it's almost never for a positive reason. Major breaches, new ways to...
Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented...
New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software
A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden...
China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies
Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as...
Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could...
The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the...
China’s BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to...
GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an...
Cisco Catalyst SD-WAN Manager flaw allows remote server access
Cisco is warning of five new Catalyst SD-WAN Manager products vulnerabilities with the most critical allowing unauthenticated remote access to...
Budworm hackers target telcos and govt orgs with custom malware
A Chinese cyber-espionage hacking group tracked as Budworm has been observed targeting a telecommunication firm in the Middle East and...
Security researcher stopped at US border for investigating crypto scam
Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and...
Progress warns of maximum severity WS_FTP Server vulnerability
Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to...
Cisco urges admins to fix IOS software zero-day exploited in attacks
Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the...
