AT&T has confirmed that personal data from approximately 73 million current and former customers has been leaked on the dark web. This confirmation comes after the telecommunications giant initially denied that the leaked data originated from their systems. AT&T suggests the breach dates back to 2019 or earlier. It includes sensitive information such as Social Security numbers, … [Read more...]
Hackers Attack Python Developers by Poising With Typosquat on PyPI
An automated risk detection system identified a typosquatting campaign targeting popular Python libraries on PyPI. In two waves with a 20-hour break, the attack deployed over 500 variations with typos in names like requests, TensorFlow, and BeautifulSoup. The campaign included incorrect names (pytorch instead of torch) and libraries already part of the standard library (asyncio, tkinter). … [Read more...]
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
This weekly cybersecurity news recap keeps you informed about the latest threats, exposures, mitigation techniques, and emerging malicious tactics that could compromise systems. Staying updated allows implementing preventive measures proactively rather than reactively. Consistent cybersecurity awareness builds a comprehensive knowledge base to protect networks from an evolving … [Read more...]
Lessons Learned from the CISA – Ivanti Cyberattack – 2024
In today’s digital era, the frequency and sophistication of cyberattacks are on the rise, posing a serious threat to businesses and organizations worldwide. Among these incidents, the cyberattack on the Cybersecurity and Infrastructure Security Agency (CISA) this year due to Ivanti software vulnerabilities is a stark reminder of the vulnerabilities within even the most secure systems. The … [Read more...]
Cisco Warns of Password Spraying Attacks Exploiting VPN Services
Password spraying is a technique hackers often take advantage of because it enables them to gain unauthorized access to many accounts or systems. They can potentially compromise many targets with little difficulty by using the same passwords for several accounts. It is a low-risk and high-reward attack method that the threat actors use while trying to get into networks or steal private … [Read more...]
GitLab Security Flaw Let Attackers Inject Malicious Scripts: Patch Now
GitLab has announced the release of updated versions for both its Community Edition (CE) and Enterprise Edition (EE), addressing critical vulnerabilities that could potentially allow attackers to inject malicious scripts and cause denial of service (DoS) attacks. The versions released—16.10.1, 16.9.3, and 16.8.5—come as a part of GitLab’s ongoing efforts to maintain the highest security … [Read more...]
Multiple Splunk Vulnerabilities Attackers Bypass SPL Safeguards : Patch Now
Splunk Inc. has disclosed two significant vulnerabilities within its software suite, posing a considerable risk to organizations utilizing Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities, identified as CVE-2024-29945 and CVE-2024-29946, have been rated high in severity with CVSS scores of 7.2 and 8.1, respectively. These security flaws could potentially allow attackers to … [Read more...]
GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats
GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights the growing, widespread use and potential of Web3 user security data to aid in risk management. The findings of the report reveal a clear and growing demand for more advanced security tools that can effectively safeguard digital assets, verify the authenticity of nonfungible tokens … [Read more...]
C2A Security’s EVSec Risk Management and Automation Platform Gains Automotive Industry Favor as Companies Pursue Regulatory Compliance
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers, successful evaluations, and partnerships such as BMW Group, Daimler Truck AG, Marelli, NTT Data, Siemens, and Valeo, among others. C2A Security’s DevSecOps Platform, ‘EVSec’, has gained widespread traction as the automotive industry strives to meet cybersecurity regulations and industry standards, such as UN … [Read more...]
Apple ID “push bombing” Attack Targeting Apple Users to Steal passwords
Apple users are falling prey to a sophisticated phishing campaign designed to hijack their Apple IDs through what’s known as a “push bombing” or “MFA fatigue” attack. This method exploits the multi-factor authentication (MFA) system, bombarding users with incessant notifications to approve password changes or logins, ultimately aiming to steal passwords and gain unauthorized access to personal … [Read more...]
Hackers Using Weaponized Virtual Hard Disk Files to Deliver Remcos RAT
Hackers have been found leveraging weaponized virtual hard disk (VHD) files to deploy the notorious Remote Control Software (RAT), Remcos. This method marks a significant evolution in cyberattack strategies, aiming to bypass traditional security measures and gain unauthorized access to victims’ devices. Remcos RAT has been a known entity in the cyber realm since 2016, initially introduced … [Read more...]
NVIDIA ChatRTX For Windows App Vulnerability Let Attackers Escalate Privilege
A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and CVE-2024-0083) that could allow attackers to execute malicious code and tamper with data on affected systems. The vulnerabilities stem from improper input validation (CWE-20) and improper privilege management (CWE-269) practices, where attackers could potentially trick the system … [Read more...]
iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage
A new threat has emerged, targeting unsuspecting iPhone users through the seemingly secure iMefofferssage platform. A sophisticated Phishing-as-a-Service (PhaaS) platform known as ‘Dracula’. This platform has been implicated in high-profile phishing attacks, leveraging the trust and widespread use of iMessage among iPhone users to perpetrate its schemes. The Rise of Darcula Darcula is … [Read more...]
2 Chrome Zero-Days Exploited At Pwn2Own 2024 : Patch Now
Google patched seven vulnerabilities in the Chrome browser on Tuesday, including two zero-day exploits that were exploited at the Pwn2Own Vancouver 2024 hacking contest. Researchers at Pwn2Own challenge exploited the zero-days tagged as Type Confusion in WebAssembly (CVE-2024-2887) and Use after free in WebCodecs (CVE-2024-2886). Google has fixed the vulnerabilities in the Google Chrome … [Read more...]
Source Code of Italian anti-piracy Platform Privacy Shield Leaked on GitHub
The source code and documentation of the Italian anti-piracy platform Privacy Shield have reportedly been leaked on the popular code-sharing platform GitHub. This incident raises serious questions about privacy, security, and the potential for censorship. According to reports, the leak comprises nine repositories that contain comprehensive details of the Privacy Shield platform. This … [Read more...]
Wireshark 4.2.4 Released : What’s New!
Wireshark remains the go-to choice for both professionals and enthusiasts due to its unmatched capabilities in packet capturing and analysis. Its advanced features and user-friendly interface make it an indispensable tool for network troubleshooting and protocol analysis. The latest release, Wireshark 4.2.4, brings forth a series of critical updates and bug fixes that underscore the tool’s … [Read more...]
Microsoft Edge Flaw Let Hackers Silently Install Malicious Extensions
Guardio Labs has uncovered a significant vulnerability in Microsoft Edge, Microsoft’s flagship web browser, that could allow hackers to install malicious extensions without the user’s knowledge. This flaw, if exploited, could lead to a range of security breaches, including data theft, privacy invasion, and unauthorized access to users’ online activities. The vulnerability, identified as … [Read more...]
Agent Tesla’s Added New Tools & Tactics to Its Arsenal
The persistent search for money and the threat actors increasingly becoming more sophisticated are driving the alarming rate of malware change. Every day, new types of malware are created and put into circulation at an unusual speed, using modern tricks to avoid discovery and overcome security systems, while taking advantage of the most recent system vulnerabilities. Cybersecurity … [Read more...]
Hackers Using Weaponized PDF Files to Deliver Mispadu Banking Malware
Mispadu, a banking trojan initially targeting Latin America, has expanded its attacks to Europe, stealing credentials through phishing emails and malicious URLs. The attackers utilize stolen credentials for further phishing attacks, making it a significant threat. Despite the geographic expansion, Mexico remains the primary target, with thousands of stolen credentials since April … [Read more...]
vBulletin Forums Breached: Dark Web Sale of Millions of Accounts
vBulletin, a widely used forum software, has been compromised, potentially exposing millions of user accounts. The breach was facilitated by a software vulnerability, specifically affecting versions 4.2.2 and 4.2.3. The Forumrunner add-on was pinpointed as the weak link that allowed attackers to perform SQL Injection attacks. The Vulnerability The issue’s core lies in an SQL … [Read more...]
- « Previous Page
- 1
- …
- 15
- 16
- 17
- 18
- 19
- …
- 88
- Next Page »