Uncategorized

Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover 21/06/2023 at 16:20 By A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, […]

React to this headline:

Chinese Hacker Group ‘Flea’ Targets American Ministries with Graphican Backdoor 21/06/2023 at 14:38 By Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom’s Symantec, involved a new backdoor codenamed Graphican. Some

React to this headline:

Alert! Hackers Exploiting Critical Vulnerability in VMware’s Aria Operations Networks 21/06/2023 at 11:49 By VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product

React to this headline:

New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks 21/06/2023 at 11:49 By A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023.

React to this headline:

Security Awareness 101: Creating a Compelling Security Awareness Program 20/06/2023 at 22:34 By There is no downside for an organization to have a security awareness program in place. It may not be 100% effective in stopping workers from making an error and causing a cyber incident, but like any preventative endeavor such a program can

React to this headline:

Philadelphia healthcare facility suffers ransomware attack 20/06/2023 at 22:34 By Philadelphia healthcare facility Vincera has issued a notice following a ransomware attack in April of 2023 that compromised patient data. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products 20/06/2023 at 22:34 By Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric. The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL, which now comprises a total of 61 issues spanning 13 different vendors. “OT:ICEFALL demonstrates

React to this headline:

Untrained users are biggest flaw in organizations’ cyber defense layer 20/06/2023 at 21:33 By A recent report reveals that 33.1% of employees are likely to click on a suspicious link or comply with a fraudulent request.  This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

Vulnerable information is discovered within minutes by cybercriminals 20/06/2023 at 18:40 By Cybercriminal habits were analyzed in a recent report by Orca Security that reveals that attackers typically find exposed secrets in two minutes. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

55% of employees solely use mobile device for work while traveling 20/06/2023 at 17:36 By Bring your own device (BYOD) policies have become difficult for IT teams to monitor, especially during increased travel in summer months. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

Illinois hospital attributes closure to ransomware attack 20/06/2023 at 16:10 By In what seems to be the first announcement of its kind, two rural healthcare facilities closed last week citing a ransomware attack as part of the reasons why. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React

React to this headline:

Security culture is only as strong as the weakest link 20/06/2023 at 16:10 By Bad actors target an organization’s most vulnerable touch points to gain access to sensitive data. And too often, these weak links are the organization’s employees. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React

React to this headline:

Honeypot Recon: MSSQL Server – Database Threat Overview 22’/23’ 20/06/2023 at 15:58 By In this article, we’ll reveal botnet behavior before and after a successful attack. These bots have one job: to install malicious software that can mine digital coins or create backdoors into systems. This article is an excerpt from SpiderLabs Blog from Trustwave

React to this headline:

Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices 20/06/2023 at 15:57 By Zyxel has rolled out security updates to address a critical security flaw in its network-attached storage (NAS) devices that could result in the execution of arbitrary commands on affected systems. Tracked as CVE-2023-27992 (CVSS score: 9.8), the issue has been described as

React to this headline:

Security leaders discuss the spread of MOVEIt vulnerability 20/06/2023 at 15:18 By It has been several weeks since the MOVEit vulnerability began making headlines, but the span of organizations and governmental entities being affected by related data breaches have continued to grow.  This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View

React to this headline:

Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer 20/06/2023 at 15:18 By A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer. “The operation was active for more than a year with the end goal of compromising credentials and

React to this headline:

SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish 20/06/2023 at 15:18 By The Quick Serve Restaurant (QSR) industry is built on consistency and shared resources. National chains like McDonald’s and regional ones like Cracker Barrel grow faster by reusing the same business model, decor, and menu, with little change

React to this headline:

ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models 20/06/2023 at 12:49 By Taiwanese company ASUS on Monday released firmware updates to address, among other issues, nine security bugs impacting a wide range of router models. Of the nine security flaws, two are rated Critical and six are rated High in severity. One vulnerability

React to this headline:

Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces 20/06/2023 at 11:31 By Over 100,000 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available

React to this headline:

Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign 20/06/2023 at 08:16 By Individuals in the Pakistan region have been targeted using two rogue Android apps available on the Google Play Store as part of a new targeted campaign. Cybersecurity firm Cyfirma attributed the campaign with moderate confidence to a threat actor known as DoNot

React to this headline: