How to prevent Microsoft OneNote files from infecting Windows with malware
The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach...
News
Sandbox blockchain game breached to send emails linking to malware
The Sandbox blockchain game is warnings its community that a security incident caused some users to receive fraudulent emails impersonating...
New malware infects business routers for data theft, surveillance
An ongoing hacking campaign called 'Hiatus' targets DrayTek Vigor router models 2960 and 3900 to steal data from victims and...
Proof-of-Concept released for critical Microsoft Word RCE bug
A proof-of-concept for CVE-2023-21716, a critical vulnerability in Microsoft Word that allows remote code execution, has been published over the...
Securing cloud workloads with Wazuh – an open source, SIEM and XDR platform
Organizations rapidly adopt the cloud as they rely heavily on data and technology to drive their businesses. These organizations utilize...
Old Windows ‘Mock Folders’ UAC bypass used to drop malware
A new phishing campaign targets organizations in Eastern European countries with the Remcos RAT malware with aid from an old...
From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality
Deep fakes are expected to become a more prominent attack vector. Here's how to identify them. What are Deep Fakes?#...
New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims
A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America...
Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine
Law enforcement authorities from Germany and Ukraine have targeted suspected core members of a cybercrime group that has been behind...
Experts Reveal Google Cloud Platform’s Blind Spot for Data Exfiltration Attacks
Malicious actors can take advantage of "insufficient" forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new...
Experts Discover Flaw in U.S. Govt’s Chosen Quantum-Resistant Encryption Algorithm
A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of...
New TPM 2.0 flaws could let hackers steal cryptographic keys
The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access...
Ransomware gang leaks data stolen from City of Oakland
The Play ransomware gang has begun to leak data from the City of Oakland, California, that was stolen in a...
New FiXS ATM Malware Targeting Mexican Banks
A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. "The...
Security and IT Teams No Longer Need To Pay For SaaS-Shadow IT Discovery
This past January, a SaaS Security Posture Management (SSPM) company named Wing Security (Wing) made waves with the launch of...
Iron Tiger hackers create Linux version of their custom malware
The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware,...
Microsoft Exchange Online outage blocks access to mailboxes worldwide
Microsoft is investigating an ongoing outage blocking Exchange Online customers worldwide from accessing their mailboxes or sending/receiving emails. Affected users...
Cisco patches critical Web UI RCE flaw in multiple IP phones
Cisco has addressed a critical security vulnerability found in the Web UI of multiple IP Phone models that unauthenticated and...
GitHub’s secret scanning alerts now available for all public repos
GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be...
Aruba Networks fixes six critical vulnerabilities in ArubaOS
Aruba Networks published a security advisory to inform customers about six critical-severity vulnerabilities impacting multiple versions of ArubaOS, its proprietary...
CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released 'Decider,' an open-source tool that helps defenders and security analysts...
White House releases new U.S. national cybersecurity strategy
The Biden-Harris administration today released its national cybersecurity strategy that focuses on shifting the burden of defending the country's cyberspace...
British retail chain WH Smith says data stolen in cyberattack
British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees. The company operates...
Trezor warns of massive crypto wallet phishing campaign
An ongoing phishing campaign is pretending to be Trezor data breach notifications attempting to steal a target's cryptocurrency wallet and...
