SEC Charges Tech Companies for Misleading Disclosures on SolarWinds Hack
The SEC has charged four technology firms for misleading disclosures linked to the SolarWinds hack, raising critical cybersecurity awareness. The...
News
Phishing Attack Affects 92,554 Transak Users: Key Insights
A recent phishing attack has impacted over 92,000 Transak users, revealing vulnerabilities in security protocols. Transak, a prominent fiat-to-crypto payment...
75% of US Senate Campaign Websites Lack DMARC Protection: A Security Concern
A staggering 75% of US Senate campaign websites are not using Domain-based Message Authentication, Reporting and Conformance (DMARC), making them...
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to...
Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers
Details have emerged about a now-patched security flaw in Styra's Open Policy Agent (OPA) that, if successfully exploited, could have...
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according...
Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum...
A Comprehensive Guide to Finding Service Accounts in Active Directory
Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they...
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way...
Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as...
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its...
Nidec Ransomware Attack: Over 50,000 Files Exposed
In a troubling incident, the Nidec ransomware attack in August 2024 led to the exposure of over 50,000 sensitive documents...
Stolen Access Tokens Trigger New Breach at Internet Archive
Stolen access tokens have led to alarming security concerns for the Internet Archive, highlighting the need for rigorous cybersecurity measures....
Bumblebee Loader Resurgence: Insights from Netskope Report
The Bumblebee malware loader may be staging a comeback months after a major operation disrupted its activities in May 2024....
Guidance on Commercial AI Products: Best Practices for Australian Businesses
Australian businesses now have essential guidance on best practices for using commercial AI products, as outlined by the Office of...
Unmanaged Long-Lived Cloud Credentials Put Organizations at Risk
Nearly half of organizations, specifically 46%, are facing significant security challenges due to unmanaged long-lived cloud credentials, according to Datadog's...
US-CERT Vulnerability Summary for the Week of October 14, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Guide: The Ultimate Pentest Checklist for Full-Stack Security
Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics...
THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 – Oct 20)
Hi there! Here's your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems...
Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed...
Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers
Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to...
Social Media Accounts: The Weak Link in Organizational SaaS Security
Social media accounts help shape a brand's identity and reputation. These public forums engage directly with customers as they are...
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as...
Acronym Overdose – Navigating the Complex Data Security Landscape
In the modern enterprise, data security is often discussed using a complex lexicon of acronyms—DLP, DDR, DSPM, and many others....
