Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers
Details have emerged about a now-patched security flaw in Styra's Open Policy Agent (OPA) that, if successfully exploited, could have...
News
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according...
Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum...
A Comprehensive Guide to Finding Service Accounts in Active Directory
Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they...
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way...
Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as...
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its...
Unmanaged Long-Lived Cloud Credentials Put Organizations at Risk
Nearly half of organizations, specifically 46%, are facing significant security challenges due to unmanaged long-lived cloud credentials, according to Datadog's...
Nidec Ransomware Attack: Over 50,000 Files Exposed
In a troubling incident, the Nidec ransomware attack in August 2024 led to the exposure of over 50,000 sensitive documents...
Stolen Access Tokens Trigger New Breach at Internet Archive
Stolen access tokens have led to alarming security concerns for the Internet Archive, highlighting the need for rigorous cybersecurity measures....
Bumblebee Loader Resurgence: Insights from Netskope Report
The Bumblebee malware loader may be staging a comeback months after a major operation disrupted its activities in May 2024....
Guidance on Commercial AI Products: Best Practices for Australian Businesses
Australian businesses now have essential guidance on best practices for using commercial AI products, as outlined by the Office of...
US-CERT Vulnerability Summary for the Week of October 14, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Guide:Â The Ultimate Pentest Checklist for Full-Stack Security
Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics...
THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 – Oct 20)
Hi there! Here's your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems...
Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed...
Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers
Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to...
Social Media Accounts: The Weak Link in Organizational SaaS Security
Social media accounts help shape a brand's identity and reputation. These public forums engage directly with customers as they are...
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as...
Acronym Overdose – Navigating the Complex Data Security Landscape
In the modern enterprise, data security is often discussed using a complex lexicon of acronyms—DLP, DDR, DSPM, and many others....
Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks
A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses...
Internet Archive Resumes Services After DDoS Attacks
Internet Archive has successfully resumed most of its services following a series of disruptive DDoS attacks that impacted its operations....
Instagram Implements New Measures Against Sextortion Scams
Instagram is taking proactive steps to enhance user safety by implementing new measures aimed at preventing sextortion scams on the...
macOS Vulnerability Exposes User Data: Microsoft Alert on HM Surf Threat
Microsoft has identified a significant macOS vulnerability known as HM Surf, potentially exposing sensitive user data to attackers. Microsoft has...
