New Chrome Feature Scans Password-Protected Files for Malicious Content
Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We...
News
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep...
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND)...
North Korean Hackers Targeted Cybersecurity Firm KnowBe4 with Fake IT Worker
Cybersecurity awareness training company KnowBe4 has revealed it was duped into hiring a fake IT worker from North Korea, resulting...
Google Criticized for Abandoning Cookie Phase-Out
Google has been criticized for its decision to abandon plans to phase out third-party cookies in the Chrome browser, with...
CrowdStrike Shares How a Rapid Response Content Update Caused Global Outage
Read more coverage on the CrowdStrike IT outage: CrowdStrike Fault Causes Global IT Outages Cybercriminals Exploit CrowdStrike Outage ChaosCrowdStrike has...
Multiple Vulnerabilities Affecting LangChain Gen AI
Palo Alto Networks researchers have identified two vulnerabilities (CVE-2023-46229 and CVE-2023-44467) in LangChain, a popular open source generative AI framework...
How a Trust Center Solves Your Security Questionnaire Problem
Security questionnaires aren't just an inconvenience — they're a recurring problem for security and sales teams. They bleed time from...
Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool
The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to...
CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices
Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash...
How to Reduce SaaS Spend and Risk Without Impacting Productivity
There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built...
Telegram App Flaw Exploited to Spread Malware Hidden in Videos
A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files...
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers
A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to...
CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog,...
Chinese Hackers Target Taiwan and U.S. NGO with MgBot and MACMA Malware
Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking...
Microsoft Internet Explorer “CDwnBindInfo” Use-After-Free Vulnerability
A vulnerability has been identified in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's...
Chinese Espionage Group Upgrades Malware Arsenal to Target All Major OS
Prolific Chinese espionage group Daggerfly (aka Evasive Panda, Bronze Highland) has extensively updated its malware toolkit, increasing its abilities to...
Prolific DDoS Marketplace Shut Down by UK Law Enforcement
UK law enforcement agencies have infiltrated and taken down DigitallStress, the world’s most prolific underground marketplace offering distributed denial of...
Russia Shifts Cyber Focus to Battlefield Intelligence in Ukraine
Russia’s cyber activities in Ukraine have shifted away from strategic civilian targets towards pursuing tactical military objectives, according to a...
Chinese Hackers Target Taiwan and US NGO with MgBot Malware
Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking...
Meta Given Deadline to Address E.U. Concerns Over ‘Pay or Consent’ Model
Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its...
Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign targeting a scientific research institution in...
New ICS Malware ‘FrostyGoop’ Targeting Critical Infrastructure
Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in...
How to Securely Onboard New Employees Without Sharing Temporary Passwords
The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice...
