Identity Threat Detection and Response: Rips in Your Identity Fabric
Why SaaS Security Is a Challenge# In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive...
News
Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks
Germany's Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations...
MaginotDNS attacks exploit weak checks for DNS cache poisoning
A team of researchers from UC Irvine and Tsinghua University has developed a new powerful cache poisoning attack named 'MaginotDNS,'...
UK gov keeps repeating its voter registration website is NOT a scam
Every year local government bodies or councils across Britain contact residents, asking them to update their voter details on the electoral register if...
US-CERT Vulnerability Summary for the Week of July 31, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...
Old exploit kits still kicking around in 2023
The year is 2023 and there still are some people using Internet Explorer on planet Earth. More shocking perhaps, is...
Knight ransomware distributed in fake Tripadvisor complaint emails
The Knight ransomware is being distributed in an ongoing spam campaign that pretends to be TripAdvisor complaints. Knight ransomware is a recent rebrand...
Ford says cars with WiFi vulnerability still safe to drive
Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles,...
Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk
Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe's iBoot Power Distribution Unit (PDU)...
US-CERT Vulnerability Summary for the Week of July 31, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping
Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could be potentially...
New Python URL Parsing Flaw Could Enable Command Execution Attacks
A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain...
New Python URL Parsing Flaw Enables Command Injection Attacks
A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain...
Lolek Bulletproof Hosting Servers Seized, 5 Key Operators Arrested
European and U.S. law enforcement agencies have announced the dismantling of a bulletproof hosting service provider called Lolek Hosted, which...
Lapsus$ hackers took SIM-swapping attacks to the next level
The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to...
The Week in Ransomware – August 11th 2023 – Targeting Healthcare
While some ransomware operations claim not to target hospitals, one relatively new ransomware gang named Rhysida doesn't seem to care....
Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
Millions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS...
Amazon AWS distances itself from Moq amid data collection controversy
Amazon AWS has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet...
LOLEKHosted admin arrested for aiding Netwalker ransomware gang
Update 8/11/23: Updated with information from DOJ about alleged Netwalker Ransomware involvement. Police have taken down the Lolek bulletproof hosting provider,...
US cyber safety board to analyze Microsoft Exchange hack of govt emails
The Department of Homeland Security's Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud...
Researchers Suggest Ways to Tackle Thermal Attacks
Researchers at Glasgow University have identified 15 ways users and manufacturers could reduce the risk of thermal attacks to boost...
UK Government Slammed For Encryption Mistruths
The technology secretary has drawn the ire of encryption experts by repeating false claims and half-truths about the Online Safety...
#BHUSA: Security Risks to Boom in the Era of Widespread Generative AI Adoption
The security and privacy concerns around the use of generative AI today could be just the tip of a forming...
CISA: New Whirlpool Backdoor Used in Barracuda ESG Campaign
Security researchers have discovered a third novel backdoor that was used in attacks on users of Barracuda ESG appliances recently.The...
