Latest Security News
Stay up to date with latest Information Security alerts and trends
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting...
Read more
Published on: 2024-04-27
Source:
The Hacker News
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked...
Read more
Published on: 2024-04-27
Source:
The Hacker News
Published on: 2024-04-26
Source:
Dark Reading
Published on: 2024-04-26
Source:
Dark Reading
Published on: 2024-04-26
Source:
Dark Reading
A cruise ship is searching for the colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here....
Read more
Published on: 2024-04-26
Source:
Schneier on Security
The business intelligence servers contain vulnerabilities that Qlik patched last year, but which Cactus actors have been exploiting since November. Swathes of organizations have not yet been patched....
Read more
Published on: 2024-04-26
Source:
Dark Reading
The semiconductor manufacturing giant's security team describes how hardware hackathons, such as Hack@DAC, have helped chip security by finding and sharing hardware vulnerabilities....
Read more
Published on: 2024-04-26
Source:
Dark Reading
You can't thinking about inclusion in the workplace without first understanding what kinds of exclusive behaviors prevent people from advancing in their careers....
Read more
Published on: 2024-04-26
Source:
Dark Reading
Though PAN originally described the attacks exploiting the vulnerability as being limited, they are increasingly growing in volume, with more exploits disclosed by outside parties....
Read more
Published on: 2024-04-26
Source:
Dark Reading
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs....
Read more
Published on: 2024-04-26
Source:
Dark Reading
The volume of malicious cyber activity against the Philippines quadrupled in the first quarter of 2024 compared to the same period in 2023....
Read more
Published on: 2024-04-26
Source:
Dark Reading
Attackers will likely use software bills-of-material (SBOMs) for searching for software potentially vulnerable to specific software flaws....
Read more
Published on: 2024-04-26
Source:
Dark Reading
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules,...
Read more
Published on: 2024-04-26
Source:
The Hacker News
Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies....
Read more
Published on: 2024-04-26
Source:
Schneier on Security
In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT...
Read more
Published on: 2024-04-26
Source:
The Hacker News
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development,...
Read more
Published on: 2024-04-26
Source:
The Hacker News
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in...
Read more
Published on: 2024-04-26
Source:
The Hacker News
Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0. "This vulnerability, a SQL...
Read more
Published on: 2024-04-26
Source:
The Hacker News
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher...
Read more
Published on: 2024-04-25
Source:
The Hacker News
What's going on? A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit , Rhysida , and BlackSuit , it still presents a serious threat to organizations. What's "junk gun" ransomware? It's a name...
Read more
Published on: 2024-04-25
Source:
Tripwire State of Security