Repeatable VEC Attacks Target Critical Infrastructure
The threat of vendor email compromise (VEC) attacks has escalated, with recent data showing a sharp increase in such cyber-threats. According...
News
VMware Patches Vulnerability Exposing Admin Credentials
VMware addressed a vulnerability on Tuesday that impacts its Tanzu Application Service for VMs and Isolation Segment products. The flaw, tracked as CVE-2023-20891, poses...
Group-IB Founder Sentenced in Russia to 14 Years for Treason
The Moscow City Court has sentenced Ilya Sachkov, the founder of cybersecurity provider Group-IB, to 14 years in prison for...
US-CERT Vulnerability Summary for the Week of July 17, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infooliva_expertise -- oliva_expertise_eks Improper Neutralization of Special Elements used in an SQL...
Norway says Ivanti zero-day was used to hack govt IT systems
The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti's Endpoint Manager Mobile (EPMM)...
Over 400,000 corporate credentials stolen by info-stealing malware
The analysis of nearly 20 million information-stealing malware logs sold on the dark web and Telegram channels revealed that they...
Super Admin elevation bug puts 900,000 MikroTik devices at risk
A critical severity 'Super Admin' privilege elevation flaw puts over 900,000 MikroTik RouterOS routers at risk, potentially enabling attackers to...
VMware fixes bug exposing CF API admin credentials in audit logs
VMware has patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment...
More US States are ramping up data privacy laws in 2023
In the US, California has traditionally dominated the privacy conversation. This is changing. Now organizations doing business in Virginia, Colorado,...
New Realst macOS malware steals your cryptocurrency wallets
A new Mac malware named "Realst" is being used in a massive campaign targeting Apple computers, with some of its...
CISA warns govt agencies to patch Ivanti bug exploited in attacks
The Cybersecurity and Infrastructure Security Agency (CISA) warned U.S. federal agencies today to secure their systems against a maximum severity...
Aussie Government Exposed Personal Info Via Security Report
The Australian home affairs department has been left red faced after accidentally leaking the personal information of participants in a government...
Hacker Claims to Have Stolen Sensitive Medical Records from Egypt’s Ministry of Health
An ‘established’ threat actor claimed to be in possession of two million data records stolen from the Egyptian Ministry of...
Data Breach Costs Hit Record High but Fall For Some
The average global cost of a data breach now stands at a record $4.45m, up a little over 2% year...
Ivanti Patches Zero-Day Bug Used in Norway Attacks
A major security breach at the Norwegian government announced yesterday has been traced back to a zero-day vulnerability in an Ivanti...
Critical Flaws Found in Microsoft Message Queuing Service
Three vulnerabilities have been discovered within the Microsoft Message Queuing (MSMQ) service – a proprietary messaging protocol designed to enable secure...
UK Government Report Finds Cybersecurity Skills Gap Stagnant
The UK Government’s Cyber Security Skills in the UK Labour Market 2023 report shows a staggering 50% of all UK...
North Korean Cyber Group Suspected in JumpCloud Breach
A North Korean threat actor has been allegedly linked to a breach targeting JumpCloud, a zero-trust directory platform service used...
Decoy Dog Malware Upgraded to Include New Features
Infoblox has unveiled crucial updates on the “Decoy Dog” remote access trojan (RAT) toolkit in a new threat report published today. Initially...
US-CERT Vulnerability Summary for the Week of July 17, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infooliva_expertise -- oliva_expertise_eks Improper Neutralization of Special Elements used in an SQL...
How is the Dark Web Reacting to the AI Revolution?
A quick search for “ChatGPT” on the dark web and Telegram shows 27,912 mentions in the past six months. Much...
Norwegian government IT systems hacked using zero-day flaw
The Norwegian government is warning that its ICT platform used by 12 ministries has suffered a cyberattack after hackers exploited...
Zenbleed attack leaks sensitive data from AMD Zen2 processors
Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to...
Ivanti patches MobileIron zero-day bug exploited in attacks
US-based IT software company Ivanti has patched an actively exploited zero-day vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management...
