Amazon adds passkey support as new passwordless login option
Amazon has quietly added passkey support as a new passwordless login option for customers, offering better protection from information-stealing malware...
News
Over 40,000 admin portal accounts use ‘admin’ as a password
Security researchers found that IT administrators are using tens of thousands of weak passwords to protect access to portals, leaving...
Rising AI-Fueled Phishing Drives Demand for Password Alternatives
Online phishing scams are becoming more frequent and more sophisticated, according to the Online Authentication Barometer, published by the FIDO...
Persistent Espionage Campaign Targets APAC Governments
Cybersecurity experts at Kaspersky have unveiled a covert and highly advanced espionage campaign, codenamed “TetrisPhantom.”The persistent operation has specifically targeted...
A Third of Organizations Not Ready to Comply with NIS2
Just a third (34%) of impacted organizations in the UK, France and Germany are prepared for the EU’s updated Network...
Fake Browser Updates Used in Malware Distribution
Cybersecurity researchers from Proofpoint have identified a rising trend in threat activity that employs fake browser updates to disseminate malware. At...
US-CERT Vulnerability Summary for the Week of October 9, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info3ds -- teamwork_cloud_no_magic_releaseA Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from...
The forgotten malvertising campaign
In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we...
Signal says there is no evidence rumored zero-day bug is real
Signal messenger has investigated rumors spreading online over the weekend of a zero-day security vulnerability related to the 'Generate Link...
Women Political Leaders Summit targeted in RomCom malware phishing
A new, lightweight variant of the RomCom backdoor was deployed against participants of the Women Political Leaders (WPL) Summit in...
Steam enforces SMS verification to curb malware-ridden updates
Valve has announced implementing additional security measures for developers publishing games on Steam, including SMS-based confirmation codes. This is to...
CISA, FBI urge admins to patch Atlassian Confluence immediately
CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw...
Fake ‘RedAlert’ rocket alert app for Israel installs Android spyware
Israeli Android users are targeted by a malicious version of the 'RedAlert – Rocket Alerts' app that, while it offers...
Discord still a hotbed of malware activity — Now APTs join the fun
Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used...
Russian Sandworm hackers breached 11 Ukrainian telcos since May
The state-sponsored Russian hacking group tracked as 'Sandworm' has compromised eleven telecommunication service providers in Ukraine between May and September...
Kansas courts IT systems offline after ‘security incident’
Information systems of state courts across Kansas are still offline after they've been disrupted in what the Kansas judicial branch...
Cisco warns of new IOS XE zero-day actively exploited in attacks
Cisco warned admins today of a new maximum severity authentication bypass zero-day in its IOS XE software that lets unauthenticated...
Hackers exploit critical flaw in WordPress Royal Elementor plugin
A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited...
Cisco IOS XE Escalation of Privilege Vulnerability
A vulnerability was identified in Cisco IOS XE. A remote attacker could exploit this vulnerability to trigger elevation of privilege on the targeted system. Note: CVE-2023-20198...
Ransomware Targets Unpatched WS_FTP Servers
Unpatched WS_FTP servers exposed to the internet have become prime targets for ransomware attacks, with threat actors exploiting a critical...
Signal Disputes Alleged Zero-Day Flaw
The encrypted messaging app Signal has refuted widespread claims of a zero-day software vulnerability. After an investigation, the company has...
Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict
Hacktivists have claimed to hit Israeli websites through DDoS and defacement attacks following the outbreak of conflict between Israel and...
New RomCom Backdoor Targets Female Political Leaders
Japanese cybersecurity provider Trend Micro has uncovered a new malicious campaign targeting female political leaders and attendees of the Women...
US-CERT Vulnerability Summary for the Week of October 9, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info3ds -- teamwork_cloud_no_magic_releaseA Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from...
