Exploit released for Cisco AnyConnect bug giving SYSTEM privileges
Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure...
News
FTC: Amazon trapped millions into hard-to-cancel Prime memberships
The Federal Trade Commission (FTC) says Amazon allegedly used dark patterns to trick millions of users into enrolling in its...
The Great Exodus to Telegram: A Tour of the New Cybercrime Underground
The world of cybercrime is moving quickly. Threat actors, ransomware gangs, malware developers, and others are increasingly and rapidly moving...
US-CERT Vulnerability Summary for the Week of June 5, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks
The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented wiretapping features...
Startup Security Tactics: Friction Surveys
When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security...
New Report Exposes Operation Triangulation’s Spyware Implant Targeting iOS Devices
More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation...
SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish
The Quick Serve Restaurant (QSR) industry is built on consistency and shared resources. National chains like McDonald's and regional ones...
Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover
A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full...
Startup Security Tactics: Friction Surveys
When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security...
Chinese Hacker Group ‘Flea’ Targets American Ministries with Graphican Backdoor
Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a...
Alert! Hackers Exploiting Critical Vulnerability in VMware’s Aria Operations Networks
VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight)...
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to...
Ransomware is only getting faster: Six steps to a stronger defense
Staying ahead of threat actors is a game of cat and mouse, with attackers often having the upper hand. In...
Russian APT28 hackers breach Ukrainian govt email servers
Image: Bing Image Creator A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate (GRU)...
New RDStealer malware steals from drives shared over Remote Desktop
A cyberespionage and hacking campaign tracked as 'RedClouds' uses the custom 'RDStealer' malware to automatically steal data from drives shared...
Zyxel warns of critical command injection flaw in NAS devices
Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command...
Over 100,000 ChatGPT accounts stolen via info-stealing malware
​More than 101,000 ChatGPT user accounts have been stolen by information-stealing malware over the past year, according to dark web...
Hackers infect Linux SSH servers with Tsunami botnet malware
An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS...
VMware warns of critical vRealize flaw exploited in attacks
VMware updated a security advisory published two weeks ago to warn customers that a now-patched critical vulnerability allowing remote code...
New Condi malware builds DDoS botnet out of TP-Link AX21 routers
A new DDoS-as-a-Service botnet called "Condi" emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers...
Microsoft fixes Azure AD auth flaw enabling account takeover
Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and...
Hackers warn University of Manchester students’ of imminent data leak
Image: Ax Sharma The ransomware operation behind a cyberattack on the University of Manchester has begun to email students, warning...
US-CERT Vulnerability Summary for the Week of June 5, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
