Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer

12/06/2023 at 16:33

Security researchers have warned about an “easily exploitable” flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions. “A threat actor could impersonate a popular publisher and

Use of multi-factor authentication nearly doubles since 2020

12/06/2023 at 16:22

A new report reveals the use of MFA has nearly doubled since 2020 and that phishing-resistant authenticators represent the best choice in terms of security for users. This article is an excerpt from Security Magazine’s RSS feed.

Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

12/06/2023 at 13:19

A fully undetectable (FUD) malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant “threat actors the ability to load numerous malware families and exploits with ease through highly

Why Now? The Rise of Attack Surface Management

12/06/2023 at 13:19

The term “attack surface management” (ASM) went from unknown to ubiquitous in the cybersecurity space over the past few years. Gartner and Forrester have both highlighted the importance of ASM recently, multiple solution providers have emerged in the space, and investment and acquisition activity have seen

Password Reset Hack Exposed in Honda’s E-Commerce Platform, Dealers Data at Risk

12/06/2023 at 11:46

Security vulnerabilities discovered in Honda’s e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information. “Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test

Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme

12/06/2023 at 11:31

A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021. “This massive campaign has likely resulted in thousands of people being scammed worldwide,”

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls – Patch Now!

12/06/2023 at 10:25

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution. The vulnerability, tracked as CVE-2023-27997, is “reachable pre-authentication, on every SSL VPN appliance,” Lexfo

Apple’s Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs

12/06/2023 at 07:56

Apple is introducing major updates to Safari Private Browsing, offering users better protections against third-party trackers as they browse the web. “Advanced tracking and fingerprinting protections go even further to help prevent websites from using the latest techniques to track or

New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies

10/06/2023 at 16:06

Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER. “SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation

New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered – Patch Now!

10/06/2023 at 12:18

Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. “Multiple SQL injection vulnerabilities have been identified in

Trustwave Action Response: Zero Day Vulnerability in Barracuda Email Security Gateway Appliance (ESG) (CVE-2023-2868)

10/06/2023 at 00:05

On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability (CVE-2023-2868) present in the Barracuda Email Security Gateway (appliance form factor only) versions 5.1.3.001-9.2.0.006. This article is an excerpt from SpiderLabs Blog from Trustwave.

10% of CISOs and IT professionals manage cybersecurity in-house

09/06/2023 at 21:47

Security spending trends and priorities of Chief Information Security Officers (CISOs) and IT professionals were analyzed in a report by Nuspire. This article is an excerpt from Security Magazine’s RSS feed.

OSHA found South Dakota company retaliated against whistleblower

09/06/2023 at 21:07

A South Dakota helicopter ambulance servicer was investigated by the Occupational Safety and Health Administration for terminating a whistleblower. This article is an excerpt from Security Magazine’s RSS feed.

Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants

09/06/2023 at 19:46

Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack, Microsoft has revealed. “The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks

Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions

09/06/2023 at 17:03

The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. “It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe,” ESET said in an analysis published
