News, Data Breach News, Vulnerabilities
September 13, 2024
44 views 48 secs 0

Fortinet Confirms Limited Data Breach After Hacker Leaks 440 GB of Data

A hacker claims to have stolen 440 GB of data from cybersecurity firm Fortinet, exploiting an Azure SharePoint vulnerability. The breach, dubbed “Fortileak,” was revealed on a forum with access credentials shared online. HackRead reports: Dubbed Fortileak by the hacker, the breach allegedly originates from an exposure in Fortinet’s Azure SharePoint instance. In the forum post, the […]

Commentaries and Analyses, New Threats, Vulnerabilities
September 02, 2024
52 views 56 secs 0

Microsoft says North Korean hackers stole crypto through Chromium

A vulnerability on multiple web browsers was exploited by the Citrine Sleet threat actor to steal crypto from its victims, according to Microsoft. A Microsoft report claims a North Korean threat actor has been exploiting a flaw on Chromium to steal cryptocurrency. The company’s security blog attributed the exploitation of this bug “with medium confidence” […]

Data Breach News, Vulnerabilities
June 26, 2024
84 views 30 secs 0

Another MOVEit vulnerability: PATCH immediately!

Once again, threat actors are jumping to exploit a newly identified vulnerability in Progress MOVEit Transfer software. As Bleeping Computer reports, exploit attempts were noted less than 24 hours after the vendor disclosed the vulnerability. The new security issue received the identifier CVE-2024-5806 and allows attackers to bypass the authentication process in the Secure File Transfer Protocol […]

Vulnerabilities, Data Breach News, New Threats, News
April 13, 2024
175 views 50 secs 0

Sisense breach and Palo Alto Networks vulnerability made for a busy week for CISOs

Sisense Security Week reports: The US government cybersecurity agency CISA on Thursday issued a red-alert for what appears to be a massive supply chain breach at Sisense, a New York company that sells big-data analytics tools to businesses. In a cryptic note, CISA warned of a recent “compromise of Sisense customer data” that was discovered […]

Consumer Alerts, Vulnerabilities
January 07, 2024
167 views 14 secs 0

Hackers can now take control of your Google Account without needing a password. Here’s how it works

Livemint reports: Cybercriminals have found a way to gain access to people’s Google accounts without needing their password, and the new exploit gives hackers continued access to Google services even after a user’s password has been reset. The new vulnerability was analysed by security firm CloudSEK and reported by The Independent. Furthermore, the issue first […]

Data Breach News, New Threats, Vulnerabilities
December 21, 2023
155 views 42 secs 0

Google fixes 8th Chrome zero-day exploited in attacks this year

Bleeping Computer reports: Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. “Google is aware that an exploit for CVE-2023-7024 exists in the wild,” a security advisory published Wednesday said. The company fixed the zero-day bug for users in the Stable Desktop […]

Data Breach News, Vulnerabilities
December 11, 2023
151 views 5 secs 0

North Korean hackers Lazarus Group takes new Telegram tactics

SiliconAngle reports: Cisco Systems Inc.’s Talos Intelligence unit posted today new findings about the North Korean hacking group called Lazarus that outline new ways it’s targeting attacks. “We have observed Lazarus target companies in the manufacturing, agricultural and physical security sectors,” their analysts wrote in the post. The group has been around since 2010 and was responsible most recently […]

Data Breach News, Vulnerabilities
December 06, 2023
167 views 2 mins 0

CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion

From CISA, December 5: Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in […]