Microsoft OneNote will block 120 dangerous file extensions
Microsoft has shared more information on what malicious embedded files OneNote will soon block to defend users against ongoing phishing...
News
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails
A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since...
Realtek and Cacti flaws now actively exploited by malware botnets
Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot...
CISA orders agencies to patch bugs exploited to drop spyware
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies today to patch security vulnerabilities exploited as zero-days in...
Ukrainian cyberpolice busts fraud gang that stole $4.3 million
Ukraine's cyberpolice has arrested members of a fraud gang that stole roughly $4,300,000 from over a thousand victims across the...
US-CERT Vulnerability Summary for the Week of March 20, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Researchers Detail Severe “Super FabriXss” Vulnerability in Microsoft Azure SFX
Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code...
New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices
A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11...
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor
A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and...
AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services
A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials...
Cyberstorage: Leveraging the Multi-Cloud to Combat Data Exfiltration
Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management....
3CX Desktop App Supply Chain Attack Leaves Millions at Risk – Urgent Update on the Way!
3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on...
3CX App Supply Chain Attack Leaves Millions at Risk – Urgent Update on the Way!
3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on...
Google finds more Android, iOS zero-days used to install spyware
Google's Threat Analysis Group (TAG) discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install...
QNAP warns customers to patch Linux Sudo flaw in NAS devices
Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation...
Hackers compromise 3CX desktop app in a supply chain attack
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used...
US-CERT Vulnerability Summary for the Week of March 20, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Mélofée: Researchers Uncover New Linux Malware Linked to Chinese APT Groups
An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French...
Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices
A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and...
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper...
How to Build a Research Lab for Reverse Engineering — 4 Ways
Malware analysis is an essential part of security researcher's work. But working with malicious samples can be dangerous — it...
Smart Mobility has a Blindspot When it Comes to API Security
The emergence of smart mobility services and applications has led to a sharp increase in the use of APIs in...
North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations
A new North Korean nation-state cyber operator has been attributed to a series of campaigns orchestrated to gather strategic intelligence...
Latitude Financial data breach now impacts 14 million customers
Australian loan giant Latitude Financial Services (Latitude) is warning customers that its data breach is much more significant than initially...
