Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large
Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name...
News
CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity...
Ransomware Gangs Use LockBit’s Fame to Intimidate Victims in Latest Attacks
Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed...
Think You’re Secure? 49% of Enterprises Underestimate SaaS Risks
It may come as a surprise to learn that 34% of security practitioners are in the dark about how many...
Researchers Reveal ‘Deceptive Delight’ Method to Jailbreak AI Models
Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models (LLMs)...
Microsoft Monthly Security Update (July 2024)
Updated Description, Related Links.CVE-2024-38094 is being exploited in the wild. An authenticated attacker with Site Owner permissions can use the...
Microsoft Monthly Security Update (October 2024)
Updated Description, Related Links.Proof of Concept exploit code Is publicly available for CVE-2024-43532. Microsoft has released monthly security update for their...
Severe Flaws in Major E2EE Cloud Storage Services Exposed
Recent research unveils critical vulnerabilities in popular end-to-end encrypted (E2EE) cloud storage services, shaking user trust in these platforms. Severe...
Curbing Spyware and Hack-for-Hire: Recommendations from Think Tanks
British think tanks emphasize the urgent need for action to address the misuse of spyware and hack-for-hire services, highlighting factors...
AI-Driven Attacks Target Retail Websites: Security Insights
Retailers are facing an alarming surge in AI-driven attacks, over half a million daily, complicating their cybersecurity landscape. According to...
LLMjacking and Open-Source Tool Abuse: A Surge in 2024 Cloud Attacks
In 2024, cloud-based cyber-attacks have surged dramatically, with LLMjacking and the abuse of open-source tools emerging as significant threats to...
SEC Charges Tech Companies for Misleading Disclosures on SolarWinds Hack
The SEC has charged four technology firms for misleading disclosures linked to the SolarWinds hack, raising critical cybersecurity awareness. The...
Phishing Attack Affects 92,554 Transak Users: Key Insights
A recent phishing attack has impacted over 92,000 Transak users, revealing vulnerabilities in security protocols. Transak, a prominent fiat-to-crypto payment...
75% of US Senate Campaign Websites Lack DMARC Protection: A Security Concern
A staggering 75% of US Senate campaign websites are not using Domain-based Message Authentication, Reporting and Conformance (DMARC), making them...
Facial Recognition Technology: Meta’s New Strategy Against Celeb-Bait Scams
Meta is leveraging facial recognition technology to combat celeb-bait scams and enhance account recovery methods on its platforms. Meta has...
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to...
Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers
Details have emerged about a now-patched security flaw in Styra's Open Policy Agent (OPA) that, if successfully exploited, could have...
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according...
Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum...
A Comprehensive Guide to Finding Service Accounts in Active Directory
Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they...
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way...
Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as...
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its...
Bumblebee Loader Resurgence: Insights from Netskope Report
The Bumblebee malware loader may be staging a comeback months after a major operation disrupted its activities in May 2024....
