Vulnerabilities, News
January 13, 2025
235 views 52 secs 0

Researcher Uncovers AWS S3 Ransomware Vulnerabilities

As if there weren’t enough concerns with misconfigured Amazon AWS s3 buckets exposing data, now we read this: Security researchers at Rhino Security Labs have uncovered a concerning vulnerability in Amazon Web Services (AWS) S3 storage systems that could allow attackers to execute ransomware attacks against cloud-stored data.  The research demonstrates how attackers can encrypt S3 bucket […]

News, Vulnerabilities
December 30, 2024
841 views 12 secs 0

Brothel Visits Exposed In Volkswagen Location Data Leak

There are breaches and then there are really really embarrassing breaches. Jalopnik reports: Things aren’t going so great at Volkswagen right now, and while the latest scandal likely won’t rise to the level of the diesel emissions scandal, a security lapse by VW’s in-house software developer Cariad did expose the locations of about 800,000 electric vehicles to […]

Data Breach News, News, Vulnerabilities
December 10, 2024
881 views 14 secs 0

Multiple Cleo file transfer products being exploited by hackers; patch isn’t sufficient

Here we go again: threat actors are taking advantage of vulnerabilities in file transfer products. This time it is Cleo file transfer products. The Record reports: Cybersecurity researchers are warning that vulnerabilities in several file transfer products are being exploited by hackers, even after a patch was released by the developer. The vulnerability — CVE-2024-50623 — was […]

Data Breach News, News, Vulnerabilities
December 10, 2024
857 views 26 secs 0

US sanctions Chinese firm for hacking firewalls in ransomware attacks; $10 million reward for information

The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. BleepingComputer reports: According to the Department’s Office of Foreign Assets Control (OFAC), Sichuan Silence is a […]

Vulnerabilities
November 26, 2024
838 views 56 secs 0

Russian Hackers Target Mozilla, Windows in New Exploit Chain

Two vulnerabilities in Mozilla products and Windows are actively exploited by RomCom, a Kremlin-linked cybercriminal group known for targeting businesses and conducting espionage, warn security researchers from Eset. GovInfoSecurity reports: Researchers identified two critical vulnerabilities in Mozilla Foundation products. One, tracked as CVE-2024-9680 is a use-after-free flaw allowing code execution in the Firefox and the Thunderbird email client. It […]

New Threats, News, Vulnerabilities
November 19, 2024
1096 views 27 secs 0

One Million Websites Vulnerable To Dangerous Sitting Duck Cyber Attacks

As Forbes reports, hijacking internet domains is nothing new, but a new Infoblox report reveals how the threat has evolved into an ongoing attack methodology. Forbes explains: The sitting duck cyber attacks are, Infoblox said, “easy to execute for actors, hard to detect for security teams.” To understand why you need to look at what vulnerability […]

News, Commentaries and Analyses, Vulnerabilities
November 19, 2024
977 views 21 secs 0

Majority of firms using generative AI experience related security incidents – even as it empowers security teams

How many times do we read about something new and think, “What can possibly go wrong, right?” Some new research by the Capgemini Research Institute found that 97% of organizations using generative AI were affected by data breaches or security concerns linked to generative AI, and most do not have an adequate budget to deal with […]

Vulnerabilities
November 15, 2024
828 views 58 secs 0

Five Eyes infosec agencies list 2024’s most exploited software flaws

The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities. The Register reports: The top two spots on the list go to Citrix, which topped the chart with a remote code execution bug in versions 12 and 13 of NetScaler ADC and Gateway. […]

News, Data Breach News, Vulnerabilities
September 13, 2024
1121 views 48 secs 0

Fortinet Confirms Limited Data Breach After Hacker Leaks 440 GB of Data

A hacker claims to have stolen 440 GB of data from cybersecurity firm Fortinet, exploiting an Azure SharePoint vulnerability. The breach, dubbed “Fortileak,” was revealed on a forum with access credentials shared online. HackRead reports: Dubbed Fortileak by the hacker, the breach allegedly originates from an exposure in Fortinet’s Azure SharePoint instance. In the forum post, the […]