Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue...
News
Encryption Flaws in Popular Chinese Language App Put Users’ Typed Data at Risk
A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that...
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking...
Interpol Busts Phishing-as-a-Service Platform ’16Shop,’ Leading to 3 Arrests
Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals...
EvilProxy phishing campaign targets 120,000 Microsoft 365 users
EvilProxy is becoming one of the more popular phishing platforms to target MFA-protected accounts, with researchers seeing 120,000 phishing emails...
Hackers use open source Merlin post-exploitation toolkit in attacks
Ukraine is warning of a wave of attacks targeting state organizations using 'Merlin,' an open-source post-exploitation and command and control...
Missouri warns that health info was stolen in IBM MOVEit data breach
Missouri's Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered...
Popular open source project Moq criticized for quietly collecting data
Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Distributed...
Preventative medicine for securing IoT tech in healthcare organizations
The widespread adoption of a digital transformation workspace and the shift to web applications has led to a global rise...
Rhysida ransomware behind recent attacks on healthcare
The Rhysida ransomware operation is making a name for itself after a wave of attacks on healthcare organizations has forced...
Northern Ireland Police Officers Vulnerable After Data Leak
A serious data leak has exposed the personal details of police officers and civilian personnel working at the Police Service...
Notorious Phishing-as-a-Service Platform Shuttered
A phishing-as-a-service (PaaS) platform which may have been responsible for over 150,000 phishing domains has been taken offline after an...
Summer Spending Pressure Fuels Loan Fee Fraud Fears
The UK’s financial regulatory has warned consumers to be on the lookout for loan fee fraudsters after revealing new research...
Microsoft Patches 80+ Flaws Including Two Zero-Days
Microsoft released updates for 87 vulnerabilities yesterday, including two that are being actively exploited in the wild.The first zero-day was...
#BHUSA: New Zero-Day Vulnerabilities Could Instantly Drain Crypto Wallets
Multiple zero-day vulnerabilities have been discovered in some of the most used cryptographic multi-party computation (MPC) protocols, putting consumers’ cryptocurrency...
Breach Connected to MOVEit Flaw Affects Missouri Medicaid Recipients
The Missouri Department of Social Services (DSS) has issued an alert urging residents to safeguard their personal information following a...
Rhysida Ransomware Analysis Reveals Vice Society Connection
The Rhysida ransomware group, a recent addition to the growing threat landscape, has been implicated in a string of high-impact...
High-Severity Access Control Vulnerability Found in Spring WebFlux
A new security loophole has been found in Spring Security’s latest versions. Tracked as CVE-2023-34034, the flaw has a CVSS...
US-CERT Vulnerability Summary for the Week of July 31, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...
China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign
Hackers associated with China's Ministry of State Security (MSS) have been linked to attacks in 17 different countries in Asia,...
Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs
Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from...
Digital assets continue to be prime target for malvertisers
Cyber-criminals continue to impersonate brands via well-crafted phishing websites. We previously covered attacks on both consumers and businesses via online searches...
Continuous Security Validation with Penetration Testing as a Service (PTaaS)
Validate security continuously across your full stack with Pen Testing as a Service. In today's modern security operations center (SOC),...
U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons
The U.K. Electoral Commission on Tuesday disclosed a "complex" cyber attack on its systems that went undetected for over a...
