Commentaries and Analyses, New Threats, Vulnerabilities
September 02, 2024
1165 views 56 secs 0

Microsoft says North Korean hackers stole crypto through Chromium

A vulnerability on multiple web browsers was exploited by the Citrine Sleet threat actor to steal crypto from its victims, according to Microsoft. A Microsoft report claims a North Korean threat actor has been exploiting a flaw on Chromium to steal cryptocurrency. The company’s security blog attributed the exploitation of this bug “with medium confidence” […]

Data Breach News, Vulnerabilities
June 26, 2024
918 views 30 secs 0

Another MOVEit vulnerability: PATCH immediately!

Once again, threat actors are jumping to exploit a newly identified vulnerability in Progress MOVEit Transfer software. As Bleeping Computer reports, exploit attempts were noted less than 24 hours after the vendor disclosed the vulnerability. The new security issue received the identifier CVE-2024-5806 and allows attackers to bypass the authentication process in the Secure File Transfer Protocol […]

Vulnerabilities, Data Breach News, New Threats, News
April 13, 2024
1109 views 50 secs 0

Sisense breach and Palo Alto Networks vulnerability made for a busy week for CISOs

Sisense Security Week reports: The US government cybersecurity agency CISA on Thursday issued a red-alert for what appears to be a massive supply chain breach at Sisense, a New York company that sells big-data analytics tools to businesses. In a cryptic note, CISA warned of a recent “compromise of Sisense customer data” that was discovered […]

Consumer Alerts, Vulnerabilities
January 07, 2024
507 views 14 secs 0

Hackers can now take control of your Google Account without needing a password. Here’s how it works

Livemint reports: Cybercriminals have found a way to gain access to people’s Google accounts without needing their password, and the new exploit gives hackers continued access to Google services even after a user’s password has been reset. The new vulnerability was analysed by security firm CloudSEK and reported by The Independent. Furthermore, the issue first […]

Data Breach News, New Threats, Vulnerabilities
December 21, 2023
1168 views 42 secs 0

Google fixes 8th Chrome zero-day exploited in attacks this year

Bleeping Computer reports: Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. “Google is aware that an exploit for CVE-2023-7024 exists in the wild,” a security advisory published Wednesday said. The company fixed the zero-day bug for users in the Stable Desktop […]

Data Breach News, Vulnerabilities
December 11, 2023
987 views 5 secs 0

North Korean hackers Lazarus Group takes new Telegram tactics

SiliconAngle reports: Cisco Systems Inc.’s Talos Intelligence unit posted today new findings about the North Korean hacking group called Lazarus that outline new ways it’s targeting attacks. “We have observed Lazarus target companies in the manufacturing, agricultural and physical security sectors,” their analysts wrote in the post. The group has been around since 2010 and was responsible most recently […]

Data Breach News, Vulnerabilities
December 06, 2023
1026 views 2 mins 0

CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion

From CISA, December 5: Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in […]

Data Breach News, New Threats, News, Vulnerabilities
December 05, 2023
1044 views 16 secs 0

Russian state-sponsored hackers exploiting Outlook vulnerability, Microsoft warns

Cybernews reports: Microsoft is urging Outlook users to patch and update their systems to mitigate a new threat from Russia. Hackers associated with the Kremlin’s military intelligence agency GRU are exploiting the vulnerability to access victim’s emails. Microsoft warned that a nation-state actor tracked as Forest Blizzard is actively exploiting a vulnerability to provide secret, […]