October Patch Tuesday Addresses Three Zero-Days
Microsoft has fixed three zero-day vulnerabilities in its latest security update round this month, all of which are being actively...
Premium Members Content
Tech Giants Reveal Record-Breaking “Rapid Reset” DDoS Bug
Threat actors have been exploiting a zero-day vulnerability in the HTTP/2 protocol since August to launch the largest DDoS attacks...
IZ1H9 Botnet Targets IoT Devices With New Exploits
FortiGuard Labs, the research arm of security firm Fortinet, has uncovered a significant evolution in the IZ1H9 Mirai-based DDoS campaign. Discovered...
Cyber Professionals Alarmed by Growing Attacker Use of AI
IT security decision makers are concerned about the use of AI by cyber-criminals, particularly surrounding deepfakes, and many believe AI...
US Government Issues Open-Source Security Guidance for Critical Infrastructure
The US government has issued guidance on securing open-source software (OSS) in operational technology (OT) critical infrastructure environments.The joint advisory,...
Curl Releases Fixes For High-Severity Vulnerability
In a recent security alert, the team behind the popular open-source tool curl has announced the release of fixes for...
Exploitation Accounts For 29% of Education Sector Attacks
The education sector has been confirmed as a prime target for threat actors, with 29% of attacks originating from vulnerability...
Social Dominates as Victims Take $2.7bn Fraud Hit
Fraud victims lost $2.7bn to scammers operating on social media between January 2021 and June 2023, according to new research...
Google Bug Bounty Program Expands to Chrome V8, Google Cloud
Google's research team has launched v8CTF, a capture-the-flag (CTF) challenge focused on its Chrome browser’s V8 JavaScript engine.The competition opened...
MGM Resorts Reveals Over $100M in Costs After Ransomware Attack
MGM Resorts International has disclosed that costs resulting from a ransomware attack in September have surpassed $100m, including $10m in...
DNA Tester 23andMe Hit By Credential Stuffing Campaign
A leading genetics testing firm has confirmed that customers had their profile information accessed by threat actors following a credential...
Blackbaud Settles Ransomware Breach Case For $49.5m
Software provider Blackbaud has reached a multimillion-dollar agreement with 49 states over charges connected to a massive 2020 ransomware breach...
Weekly Cyber Security Tip: Understanding Security Assessment and Testing
This week's cybersecurity tip revolves around the crucial topic of security assessment and testing. This is a fundamental aspect of...
GoldDigger Android Trojan Drains Victim Bank Accounts
Security researchers have discovered a prolific new Android Trojan designed to covertly harvest user information including banking app credentials, with...
US Government Proposes SBOM Rules for Contractors
Three US government agencies have proposed new rules for federal contractors which would require them to develop and maintain a...
Critical Glibc Bug Puts Linux Distributions at Risk
Security researchers from the Qualys Threat Research Unit (TRU) have uncovered a new buffer overflow vulnerability within the GNU C...
CISA and NSA Tackle IAM Security Challenges in New Report
The CISA and the National Security Agency (NSA) have published new guidelines in a report called "Identity and Access Management:...
Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers
Security researchers have discovered a major new scam operation designed to trick job seekers into parting with cryptocurrency, by getting...
China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns
Chinese threat actors are positioning themselves to deploy major cyber-attacks against US critical national infrastructure (CNI) in the event of...
CISA and NSA Publish Top 10 Misconfigurations
Two leading US government security agencies have shared the top 10 most common cybersecurity misconfigurations, in a bid to improve...
Apple Issues Emergency Patches for More Zero-Day Bugs
Apple has been forced to issue more emergency updates to fix two new zero-day vulnerabilities impacting iOS and iPadOS users.An...
AWS to Mandate Multi-Factor Authentication from 2024
Amazon Web Services (AWS) said it will require multi-factor authentication (MFA) for all privileged accounts starting mid-2024, in a bid...
Qakbot Gang Still Active Despite FBI Takedown
Despite the takedown of the Qakbot threat gang’s infrastructure by the FBI in late August, some of the group’s affiliates...
Arm and Qualcomm Chips Hit by Multiple Zero-Day Attacks
Qualcomm and Arm have been forced to release security updates to patch several zero-day vulnerabilities exploited in recent targeted attacks...
