Vulnerabilities
November 26, 2024
854 views 56 secs 0

Russian Hackers Target Mozilla, Windows in New Exploit Chain

Two vulnerabilities in Mozilla products and Windows are actively exploited by RomCom, a Kremlin-linked cybercriminal group known for targeting businesses and conducting espionage, warn security researchers from Eset. GovInfoSecurity reports: Researchers identified two critical vulnerabilities in Mozilla Foundation products. One, tracked as CVE-2024-9680 is a use-after-free flaw allowing code execution in the Firefox and the Thunderbird email client. It […]

New Threats, News, Vulnerabilities
November 19, 2024
1116 views 27 secs 0

One Million Websites Vulnerable To Dangerous Sitting Duck Cyber Attacks

As Forbes reports, hijacking internet domains is nothing new, but a new Infoblox report reveals how the threat has evolved into an ongoing attack methodology. Forbes explains: The sitting duck cyber attacks are, Infoblox said, “easy to execute for actors, hard to detect for security teams.” To understand why you need to look at what vulnerability […]

News, Commentaries and Analyses, Vulnerabilities
November 19, 2024
998 views 21 secs 0

Majority of firms using generative AI experience related security incidents – even as it empowers security teams

How many times do we read about something new and think, “What can possibly go wrong, right?” Some new research by the Capgemini Research Institute found that 97% of organizations using generative AI were affected by data breaches or security concerns linked to generative AI, and most do not have an adequate budget to deal with […]

Vulnerabilities
November 15, 2024
844 views 58 secs 0

Five Eyes infosec agencies list 2024’s most exploited software flaws

The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities. The Register reports: The top two spots on the list go to Citrix, which topped the chart with a remote code execution bug in versions 12 and 13 of NetScaler ADC and Gateway. […]

News, Data Breach News, Vulnerabilities
September 13, 2024
1149 views 48 secs 0

Fortinet Confirms Limited Data Breach After Hacker Leaks 440 GB of Data

A hacker claims to have stolen 440 GB of data from cybersecurity firm Fortinet, exploiting an Azure SharePoint vulnerability. The breach, dubbed “Fortileak,” was revealed on a forum with access credentials shared online. HackRead reports: Dubbed Fortileak by the hacker, the breach allegedly originates from an exposure in Fortinet’s Azure SharePoint instance. In the forum post, the […]

Commentaries and Analyses, New Threats, Vulnerabilities
September 02, 2024
1183 views 56 secs 0

Microsoft says North Korean hackers stole crypto through Chromium

A vulnerability on multiple web browsers was exploited by the Citrine Sleet threat actor to steal crypto from its victims, according to Microsoft. A Microsoft report claims a North Korean threat actor has been exploiting a flaw on Chromium to steal cryptocurrency. The company’s security blog attributed the exploitation of this bug “with medium confidence” […]

Data Breach News, Vulnerabilities
June 26, 2024
938 views 30 secs 0

Another MOVEit vulnerability: PATCH immediately!

Once again, threat actors are jumping to exploit a newly identified vulnerability in Progress MOVEit Transfer software. As Bleeping Computer reports, exploit attempts were noted less than 24 hours after the vendor disclosed the vulnerability. The new security issue received the identifier CVE-2024-5806 and allows attackers to bypass the authentication process in the Secure File Transfer Protocol […]

Vulnerabilities, Data Breach News, New Threats, News
April 13, 2024
1141 views 50 secs 0

Sisense breach and Palo Alto Networks vulnerability made for a busy week for CISOs

Sisense Security Week reports: The US government cybersecurity agency CISA on Thursday issued a red-alert for what appears to be a massive supply chain breach at Sisense, a New York company that sells big-data analytics tools to businesses. In a cryptic note, CISA warned of a recent “compromise of Sisense customer data” that was discovered […]