Fake VMware vConnector package on PyPI targets IT pros
A malicious package that mimics the VMware vSphere connector module ‘vConnector’ was uploaded on the Python Package Index (PyPI) under...
News
New PaperCut critical bug exposes unpatched servers to RCE attacks
PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain remote...
Extended warranty robocallers fined $300 million after 5 billion scam calls
The Federal Communications Commission (FCC) has announced a record-breaking $299,997,000 fine imposed on an international network of companies for placing...
The Week in Ransomware – August 4th 2023 – Targeting VMware ESXi
Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for...
FBI warns of scammers posing as NFT devs to steal your crypto
The FBI warned today of fraudsters posing as Non-Fungible Token (NFT) developers to prey upon NFT enthusiasts and steal their...
Google explains how Android malware slips onto Google Play Store
The Google Cloud security team acknowledged a common tactic known as versioning used by malicious actors to slip malware on...
UK Government: Cyber-Attacks Could Kill or Maim Thousands
The government has warned that a serious cyber-attack on UK critical infrastructure has a 5–25% chance of happening over the...
Legacy Flaws Dominate Top 12 Vulnerabilities List
Security agencies from the Five Eyes intelligence alliance yesterday released their list of the 12 most exploited vulnerabilities of 2022,...
Microsoft Warns of Growing Cyber-Threats to Sporting Events
Sporting events and venues are increasingly vulnerable to cyber-attacks, a new study from Microsoft has found.The Microsoft Threat Intelligence State...
Credentials Account For Over Half of Cloud Compromises
Over half (55%) of public cloud compromises investigated by Google in the first three months of the year were down...
CISA Announces 2024-2026 Strategic Plan
The Cybersecurity and Infrastructure Security Agency (CISA) has released its FY2024-2026 Strategic Plan, which builds on the cybersecurity strategy published...
VMConnect: Python PyPI Threat Imitates Popular Modules
A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that...
Stealthy npm Malware Exposes Developer Data
A stealthy malware has been discovered on npm, the popular package manager for JavaScript, that poses a severe threat by...
Sophisticated Phishing Exploits Zero-Day Salesforce Vulnerability
A sophisticated email phishing campaign has been discovered by security researchers, exploiting a zero-day vulnerability in Salesforce’s email services and...
US-CERT Vulnerability Summary for the Week of July 24, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infobiltay_technology -- scienta Improper Neutralization of Special Elements used in an SQL...
NYC Couple Pleads Guilty to Money Laundering in $3.6 Billion Bitfinex Hack
A married couple from New York City has pleaded guilty to money laundering charges in connection with the 2016 hack...
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate...
Webinar – Making PAM Great Again: Solving the Top 5 Identity Team PAM Challenges
Privileged Access Management (PAM) solutions are widely acknowledged as the gold standard for securing critical privileged accounts. However, many security...
Major Cybersecurity Agencies Collaborate to Unveil 2022’s Most Exploited Vulnerabilities
A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited...
FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022
In collaboration with CISA, the NSA, and the FBI, Five Eyes cybersecurity authorities have issued today a list of the...
Chrome malware Rilide targets enterprise users via PowerPoint guides
The malicious Rilide Stealer Chrome browser extension has returned in new campaigns targeting crypto users and enterprise employees to steal...
Hackers can abuse Microsoft Office executables to download malware
The list of LOLBAS files - legitimate binaries and scripts present in Windows that can be abused for malicious purposes,...
US govt contractor Serco discloses data breach after MoveIT attacks
Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the...
New Microsoft Azure AD CTS feature can be abused for lateral movement
Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface...
