News
-
"New UnRAR Vulnerability Could Lead to Zimbra Webmail Hack" Security researchers at Sonar have discovered a new flaw in RARlab’s UnRAR utility that could be exploited to steal emails from individual Zimbra mail user accounts. The path traversal vulnerability, found in the Unix versions of UnRAR, has been…
-
"Azure Service Fabric Vulnerability Can Lead to Cluster Takeover" Microsoft has recently patched a vulnerability that could allow an attacker with access to an Azure Linux container to escalate privileges and take over the entire cluster. The vulnerability is tracked as CVE-2022-30137 and impacts Service Fabric,…
-
"US Plans to Help Universities Protect Security of Research" The US Department of Commerce has announced a new initiative to collaborate with universities to protect potentially sensitive research products from theft by foreign agents. The Commerce Department's assistant secretary for export enforcement, Matthew S…
-
"Ransomware Suspected in Wiltshire Farm Foods Attack" A leading UK producer of frozen ready meals has revealed its systems are currently down after experiencing a serious cyberattack. Wiltshire Farm Foods said on Sunday that it is “currently experiencing severe difficulties” with its computer systems…
-
"California DOJ Data Breach Exposes Personal Information of All Concealed Carry Permit Holders Across State" Personal information of all concealed carry permit holders in California was exposed after the state Department of Justice suffered a data breach. On Tuesday, the Fresno County Sheriff's Office learned of the breach from the California State…
-
"Federal Government Gets Serious About Post-Quantum Encryption Protection" The White House mandated post-quantum cybersecurity (PQC) earlier this year via the National Security Memorandum "Promoting US Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems." In addition, the Quantum Computing…
-
SoS Musings #62 - Increasing the Power of Cybersecurity Deception
-
Cybersecurity Snapshots #31 - Healthcare Organizations Are Being Inundated With Cyberattacks
-
"2022 CWE Top 25 Most Dangerous Software Weaknesses" The Homeland Security Systems Engineering and Development Institute, sponsored by the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE, has released a list of the top 25 most dangerous…
-
"New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators" Researchers at Intezer have discovered a new data-stealing malware dubbed YTStealer that targets YouTube content creators by stealing their authentication cookies. The malicious tool is likely sold as a service on the dark web, and it is distributed via…
-
"Amazon Quietly Patches 'High Severity' Android Photos App Vulnerability" Researchers at cybersecurity firm Checkmarx alerted Amazon about a high severity vulnerability affecting the Amazon Photos Android app in December. The app contained a flaw that allowed attackers to steal a user's Amazon access token, which is required…
-
"CISA-Funded Project Enables Students With Disabilities to Learn Cybersecurity" Cybersecurity workforce development organization CYBER.ORG recently announced the launch of Project Access, a national effort to provide cybersecurity education to blind and visually impaired students. The new project is funded by the Cybersecurity…