Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used...
News
Meta’s ‘Pay or Consent’ Approach Faces E.U. Competition Rules Scrutiny
Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused...
Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights
An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim...
Active Exploitation of Vulnerability in Cisco NX-OS Software
Cisco has released security updates to address a vulnerability (CVE-2024-20399) in their Cisco NX-OS Software. The vulnerability is reportedly being...
Cyber-Insurance Premiums Decline as Firms Build Resilience
Cyber insurance premiums have experienced “double-digit price reductions” over the past year as organizations enhance their cybersecurity, according to a...
Over Six Million Hit by Ransomware Breach at Infosys McCamish Systems
A cyber-attack on outsourcer Infosys McCamish Systems last year impacted more than six million customers, according to a new filing...
Meta’s ‘Pay or Consent’ Data Model Breaches EU Law
The EU Commission has informed Meta that its ‘pay or consent’ model breaches EU law as it does not allow...
Australian Police Arrest Suspect in Fake Wi-Fi Scam Targeting Airport Passengers
The Australian Federal Police (AFP) have arrested a 42-year-old Australian resident who allegedly established a network of fake free Wi-Fi...
US-CERT Vulnerability Summary for the Week of June 24, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks
A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that...
CapraRAT Spyware Disguised as Popular Apps Threatens Android Users
The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering...
Indian Software Firm’s Products Hacked to Spread Data-Stealing Malware
Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware....
New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution...
End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities
At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities...
Juniper Networks Releases Critical Security Update for Routers
Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass...
Google to Block Entrust Certificates in Chrome Starting November 2024
Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024,...
Active Exploitation of Critical Vulnerability in MOVEit Transfer
Progress Software has released security updates to address a critical vulnerability (CVE-2024-5806) in MOVEit Transfer. The vulnerability has a CVSSv3.1...
Google Thwarts Over 10,000 Attempts by Chinese Influence Operator
Google blocked over 10,000 instances of Dragon Bridge activity in Q1 2024, a China-affiliated influence operator that pushes pro-People’s Republic...
TeamViewer Cyber-Attack Attributed to Russian APT Midnight Blizzard
Remote software provider TeamViewer has been hit by a cyber-attack that it has attributed to Russian state-affiliated threat actor Midnight...
Cyber Workforce Grows 15% at Large Organizations as Security is Prioritized
Large organizations have significantly strengthened their cyber workforce in 2024, according to cyber consultancy Wavestone.In its Cyber Benchmark 2024 report,...
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome...
GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others
GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run...
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining
Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security...
New SnailLoad Attack Exploits Network Latency to Spy on Users’ Web Activities
A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad...
