-
"AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services" AlienFox, a new toolset enabling threat actors to harvest credentials from Application Programming Interface (API) keys and secrets from popular cloud service providers, is being distributed on Telegram. Alex Delamotte, a security researcher at…
-
"3CX Customers Targeted via Trojanized Desktop App" Several cybersecurity companies have warned that the official Windows desktop app for the widely used 3CX softphone solution has been trojanized by malicious actors suspected to be state-sponsored. 3CX is Private Automatic Branch Exchange (PABX) software…
-
"Patch Now: Cybercriminals Set Sights on Critical IBM File Transfer Bug" There is a critical bug in IBM's popular Aspera Faspex file transfer stack that enables the execution of arbitrary code. This bug is attracting an increasing number of cybercriminals, including ransomware gangs, as organizations fail to patch it. Rapid7…
-
"Companies Struggle to Protect against Insider Risks" Even though over 70 percent of companies claim to have an Insider Risk Management (IRM) program, a new report from Code42 Software found that data loss incidents increased by 32 percent among the same organizations. Based on a survey of 700 cybersecurity…
-
"Google TAG Shares Details about Exploit Chains Used to Install Commercial Spyware" Google's Threat Analysis Group (TAG) released information regarding two different attack campaigns involving the exploitation of multiple zero-day flaws against Android, iOS, and Chrome. According to researchers, both campaigns were limited and highly…
-
"Attacks Targeting APIs Increased By 400% in Last Six Months" Security researchers at Salt Security have discovered that attacks targeting application programming interfaces (APIs) have increased by 400% in the last six months. The researchers also found that 80% of these attacks happened over authenticated…
-
"Clop Ransomware Group Exploits GoAnywhere MFT Flaw" The ransomware gang known as Clop has been observed exploiting a pre-authentication command injection vulnerability (CVE-2023-0669) in Fortra's file transfer solution GoAnywhere MFT. The high-severity vulnerability has a CVSS:3.1 score of 7.2 and…
-
Spotlight on Lablet Research #40 - Reasoning about Accidental and Malicious Misuse via Formal Methods
-
SoS Musings #71 - Security and Privacy for Blind and Low-Vision People
-
Cyber Scene #78 - U.S. on China’s TikTok: Tempus Fugit
-
"Just 1% of Cloud Permissions Are Actively Used" According to security researchers at Microsoft, a surge in workload identities, super admins, and “over-permissioning” is driving increased cyber risk for organizations running cloud infrastructure. The researchers calculated that over 40,000…
News