Microsoft has officially launched Copilot for Security, marking the advent of the first generative AI security product designed for widespread application. This innovative tool empowers security and IT teams, enabling them to protect their digital assets with the speed and scalability only AI can offer. Here’s a closer look at how Copilot for Security is poised to transform the … [Read more...]
Phishing-as-a-Service Platform Launched 20,000 Phishing Domains To Attack 100+ Countries
The cybersecurity landscape faces a new threat with the emergence of ‘darcula,’ a Phishing-as-a-Service (PhaaS) platform. This sophisticated service enables cybercriminals to launch phishing campaigns across over 20,000 domains, using advanced techniques to target over 100 countries. Unlike traditional phishing kits, ‘darcula’ utilizes modern technology such as JavaScript, React, Docker, … [Read more...]
Octopus Server Flaw Let Attackers Escalate Privilege
Octopus Server, a popular automation tool for deployment, operations runbooks, and development tasks, has identified a critical security flaw. The vulnerability tracked as CVE-2024-2975 could allow attackers to escalate privileges due to a race condition in the software. Summary of the Vulnerability – CVE-2024-2975 The race condition vulnerability was discovered on February 20, 2024, and … [Read more...]
xz-utils Backdoor Found in Kali Linux Installations – Check for Malware Infection
A backdoor was recently discovered in the xz-utils package versions 5.6.0 to 5.6.1, shocking the Linux community. This poses a significant threat to the security of Linux distributions, including Kali Linux. The vulnerability, CVE-2024-3094, could potentially allow malicious actors to compromise sshd authentication, granting unauthorized access to systems remotely. The xz-utils package is a … [Read more...]
OWASP Data Breach Due to Wiki Web Server Misconfiguration
The Open Web Application Security Project (OWASP) Foundation disclosed a significant data breach. The breach, which was discovered in late February 2024, was caused by a misconfiguration of the foundation’s old Wiki web server. This incident has led to the exposure of decade-old member resumes containing sensitive personal information. OWASP, known for its commitment to improving software … [Read more...]
Hackers Exploit Google Ads Tracking Feature To Deliver Malware
Google Ads is a big platform with a wide user base, which makes it attractive to threat actors who want to reach many targets at once. These malicious ads can also be created or legitimate ones hijacked to spread malware, phishing scams, and other malicious content around. The complex ad targeting options on Google Ads enable hacking groups to specifically target some demographics, … [Read more...]
Vultur Android Malware mimic As McAfee Security App To Attacks Users
Vultur, Android banking malware, has been observed incorporating new technical features, which allow the malware operator to remotely communicate with the victim’s mobile device. Additionally, Vultur has begun disguising more of its harmful behavior by encrypting its C2 communication, employing several payloads that are dynamically decrypted, and executing its malicious activities under the … [Read more...]
Gmail Turns 20! Evolves Constantly with Security Rules
As Gmail celebrates its 20th anniversary, it’s an opportune moment to reflect on its journey from a simple email service to a cornerstone of digital communication, emphasizing its evolution, security enhancements, user base growth, and innovative features. Gmail was Launched on April 1, 2004, It revolutionized email with its then-unprecedented 1GB of free storage, dwarfing competitors’ … [Read more...]
Linux Kernel Flaw Let Attackers Gain Full Root Access: PoC Published
Security researchers have uncovered a critical vulnerability in the Linux kernel’s io_uring subsystem, which could allow attackers to gain full root access to affected systems. The flaw, tracked as CVE-2024-0582, was found to be particularly exploitable in Ubuntu distributions due to a delay in patching despite the vulnerability being addressed in the stable kernel release in … [Read more...]
Microsoft to Separate Office & Teams Globally
Microsoft Corporation (MSFT.O) has announced its decision to sell its chat and video app Teams separately from its Office suite globally. This move follows a similar unbundling in Europe, which was aimed at addressing antitrust concerns raised by the European Commission. Microsoft’s decision, which was made public on Monday, is seen as a direct response to the European Commission’s ongoing … [Read more...]
Urgent Security Alert! Upstream Supply Chain Attack Lead to SSH Compromise
A critical security breach has been identified in the xz compression utility’s liblzma library, leading to a significant compromise of SSH server security across various Linux distributions. The xz format is ubiquitous across Linux distributions, serving as a general-purpose tool for compressing and decompressing large files. The backdoor, which was first detected in Debian sid … [Read more...]
TOP 10 Emerging Cybersecurity Threats for 2030
The European Union Agency for Cybersecurity (ENISA) has published a comprehensive list of the top ten emerging cybersecurity threats anticipated to impact the digital landscape by 2030. This forecast culminates an extensive eight-month foresight exercise, incorporating insights from the ENISA Foresight Expert Group, the CSIRTs Network, and EU CyCLONe experts. ENISA’s Executive Director, … [Read more...]
DNS Tunnel Keylogger – An Offensive Post-Exploitation Tool For Pentesters
A new keylogging server and client tool have been released on GitHub for pentesters. The tool utilizes DNS tunneling to transmit keystrokes through firewalls, potentially evading detection covertly. The tool, DNS-Tunnel-Keylogger, was designed for post-exploitation activities for pentesters and emphasizes lightweight exfiltration and persistence to minimize the chances of being discovered by … [Read more...]
Hackers Attack macOS Using Infostealer To Steal Sensitive Data
Over the past year, macOS users, particularly those in the cryptocurrency sector, have been increasingly targeted by infostealers. These malicious programs aim to harvest credentials and data from crypto wallets. amf Threat Labs has been monitoring the evolution of these threats and has identified two recent attacks that have successfully deployed infostealers on victims’ macOS … [Read more...]
AT&T Data Breach: Millions of Customers Data Exposed in Dark Web Leak
AT&T has confirmed that personal data from approximately 73 million current and former customers has been leaked on the dark web. This confirmation comes after the telecommunications giant initially denied that the leaked data originated from their systems. AT&T suggests the breach dates back to 2019 or earlier. It includes sensitive information such as Social Security numbers, … [Read more...]
Hackers Attack Python Developers by Poising With Typosquat on PyPI
An automated risk detection system identified a typosquatting campaign targeting popular Python libraries on PyPI. In two waves with a 20-hour break, the attack deployed over 500 variations with typos in names like requests, TensorFlow, and BeautifulSoup. The campaign included incorrect names (pytorch instead of torch) and libraries already part of the standard library (asyncio, tkinter). … [Read more...]
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
This weekly cybersecurity news recap keeps you informed about the latest threats, exposures, mitigation techniques, and emerging malicious tactics that could compromise systems. Staying updated allows implementing preventive measures proactively rather than reactively. Consistent cybersecurity awareness builds a comprehensive knowledge base to protect networks from an evolving … [Read more...]
Lessons Learned from the CISA – Ivanti Cyberattack – 2024
In today’s digital era, the frequency and sophistication of cyberattacks are on the rise, posing a serious threat to businesses and organizations worldwide. Among these incidents, the cyberattack on the Cybersecurity and Infrastructure Security Agency (CISA) this year due to Ivanti software vulnerabilities is a stark reminder of the vulnerabilities within even the most secure systems. The … [Read more...]
Cisco Warns of Password Spraying Attacks Exploiting VPN Services
Password spraying is a technique hackers often take advantage of because it enables them to gain unauthorized access to many accounts or systems. They can potentially compromise many targets with little difficulty by using the same passwords for several accounts. It is a low-risk and high-reward attack method that the threat actors use while trying to get into networks or steal private … [Read more...]
GitLab Security Flaw Let Attackers Inject Malicious Scripts: Patch Now
GitLab has announced the release of updated versions for both its Community Edition (CE) and Enterprise Edition (EE), addressing critical vulnerabilities that could potentially allow attackers to inject malicious scripts and cause denial of service (DoS) attacks. The versions released—16.10.1, 16.9.3, and 16.8.5—come as a part of GitLab’s ongoing efforts to maintain the highest security … [Read more...]
- « Previous Page
- 1
- …
- 10
- 11
- 12
- 13
- 14
- …
- 84
- Next Page »