News
-
"Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data" Video surveillance giant Hikvision recently informed customers that it has patched a critical vulnerability affecting its Hybrid SAN and cluster storage products. The vulnerability tracked as CVE-2023-28808 has been described by the vendor as an…
-
"Stolen Card Volumes Plummet 94% Globally" According to security researchers at Cybersixgill, the volume of compromised credit cards offered for sale on cybercrime markets has dropped sharply over the past few years, although UK figures rose. The security firm collects 10 million "…
-
"KYOCERA Android App With 1M Installs Can Be Abused to Drop Malware" A KYOCERA Android printing app has been found to be vulnerable to improper intent handling, which enables malicious apps to exploit the vulnerability to download and potentially install malware on affected devices. According to a security advisory…
-
"NSA, US and International Partners Issue Guidance on Securing Technology by Design and Default" The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the FBI are collaborating with the cybersecurity agencies of international partners to encourage the development of…
-
"DDoS Alert Traffic Reaches Record-Breaking Level of 436 Petabits in One Day" According to NETSCOUT, HTTP/HTTPS application-layer attacks have increased by 487 percent since 2019, with the most significant increase occurring in the second half of 2022. Much of the increase stems from the pro-Russian group Killnet and other groups…
-
"New Python-Based 'Legion' Hacking Tool Emerges on Telegram" Legion, a new Python-based credential harvester and hacking tool, is being marketed via Telegram as a means for threat actors to infiltrate different online services for further abuse. Cado Labs reports that Legion includes modules for enumerating…
-
"FBI & FCC Warn on 'Juice Jacking' at Public Chargers, but What's the Risk?" Government agencies warn that malware planted in public charging stations for phones and other electronic devices can infiltrate devices. The FBI Denver office advised the public on April 6 to avoid using free charging stations in airports, hotels, and…
-
"Security Analytics: Using SiLK and Mothra to Identify Data Exfiltration via the Domain Name Service" Various modern network threats involve the exfiltration of data through the misuse of network services. In order to detect such threats, analysts monitor data transfers out of the organization's network, specifically data transfers that occur via network…
-
"Russians Hijack Cameras in Ukraine Coffee Shops to Monitor Western Aid, Says Official" Rob Joyce, the Director of Cybersecurity at the National Security Agency (NSA), stated that Russian hackers had accessed private security cameras in Ukrainian coffee shops in order to gather information on passing aid convoys. The cybersecurity official…
-
"Vulnerable Cloud Attack Surface Grows Almost 600 Percent" JupiterOne, a company specializing in cyber asset visibility and management, has released a new report showing that the number of enterprise cyber assets has increased by 133 percent, from an average of 165,000 in 2022 to 393,419 in 2023. The report…
-
"DDoS Attacks Shifting to VPS Infrastructure for Increased Power" In the first quarter of 2023, hyper-volumetric Distributed Denial-of-Service (DDoS) attacks shifted from relying on compromised Internet of Things (IoT) devices to exploiting compromised Virtual Private Servers (VPS). Cloudflare, an Internet…
-
"HashiCorp Vault Vulnerability Could Lead To RCE, Patch Today!" Oxeye found a new security flaw, tracked as CVE-2023-0620, in the HashiCorp Vault Project, an identity-based secrets and encryption management system used to control access to Application Programming Interface (API) encryption keys, passwords, and…