ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks
The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented wiretapping features...
News
Startup Security Tactics: Friction Surveys
When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security...
New Report Exposes Operation Triangulation’s Spyware Implant Targeting iOS Devices
More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation...
SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish
The Quick Serve Restaurant (QSR) industry is built on consistency and shared resources. National chains like McDonald's and regional ones...
Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover
A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full...
Startup Security Tactics: Friction Surveys
When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security...
Chinese Hacker Group ‘Flea’ Targets American Ministries with Graphican Backdoor
Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a...
Alert! Hackers Exploiting Critical Vulnerability in VMware’s Aria Operations Networks
VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight)...
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to...
Ransomware is only getting faster: Six steps to a stronger defense
Staying ahead of threat actors is a game of cat and mouse, with attackers often having the upper hand. In...
Russian APT28 hackers breach Ukrainian govt email servers
Image: Bing Image Creator A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate (GRU)...
New RDStealer malware steals from drives shared over Remote Desktop
A cyberespionage and hacking campaign tracked as 'RedClouds' uses the custom 'RDStealer' malware to automatically steal data from drives shared...
Zyxel warns of critical command injection flaw in NAS devices
Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command...
Over 100,000 ChatGPT accounts stolen via info-stealing malware
​More than 101,000 ChatGPT user accounts have been stolen by information-stealing malware over the past year, according to dark web...
Hackers infect Linux SSH servers with Tsunami botnet malware
An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS...
New Condi malware builds DDoS botnet out of TP-Link AX21 routers
A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers...
Microsoft fixes Azure AD auth flaw enabling account takeover
Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and...
VMware warns of critical vRealize flaw exploited in attacks
VMware updated a security advisory published two weeks ago to warn customers that a now-patched critical vulnerability allowing remote code...
Hackers warn University of Manchester students’ of imminent data leak
Image: Ax Sharma The ransomware operation behind a cyberattack on the University of Manchester has begun to email students, warning...
US-CERT Vulnerability Summary for the Week of June 5, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish
The Quick Serve Restaurant (QSR) industry is built on consistency and shared resources. National chains like McDonald's and regional ones...
Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products
Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric. The flaws, per Forescout,...
SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish
The Quick Serve Restaurant (QSR) industry is built on consistency and shared resources. National chains like McDonald's and regional ones...
Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices
Zyxel has rolled out security updates to address a critical security flaw in its network-attached storage (NAS) devices that could...
