News
-
"New Jersey, Ohio Join Other States in Banning TikTok From State Devices" New Jersey and Ohio on Monday announced that they were joining other states in banning use of the popular video app TikTok on government-owned and managed devices. New Jersey Governor Phil Murphy stated that in addition to banning the short-video…
-
"Norton, Avira, Avast, AVG Affected by a Privilege Escalation Bug" Multiple Windows antivirus software brands under the multinational software company Gen Digital were vulnerable to a privilege escalation flaw. The vulnerability affected NortonLifelock products, including Norton Antivirus Windows ERASER Engine, Avira…
-
"Kinsing Malware Targets Kubernetes Environments via Misconfigured PostgreSQL" Researchers at Microsoft Defender for Cloud saw threat actors behind the Kinsing cryptojacking operation exploiting poorly configured PostgreSQL containers and using insecure images to gain initial access in Kubernetes environments. Aqua Security…
-
"GitHub Makes It Easier to Scan Your Code for Vulnerabilities" "Default setup" is a new code scanning configuration option for GitHub repositories that allows developers to configure code scanning automatically with just a few clicks. Although the CodeQL code analysis engine, which drives GitHub's code scanning, supports various…
-
"JsonWebToken Security Bug Opens Servers to RCE" A high-severity vulnerability, tracked as CVE-2022-23529, has been discovered in the popular JsonWebToken (JWT) open-source encryption project. An attacker could use this flaw for Remote Code Execution (RCE) on a target encryption server. The JWT open…
-
"Identity Thieves Exploit Security Flaw to Steal Credit Reports From Experian" The credit reporting company Experian has experienced yet another security breach. Identity thieves obtained credit records by exploiting a security flaw on its website. KrebsOnSecurity revealed that identity thieves are exploiting the Experian website…
-
"New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks" A team of researchers from the University of Sheffield has demonstrated methods that exploit Text-to-SQL models to generate malicious code, which could enable adversaries to extract sensitive data and launch Denial-of-Service (DoS) attacks. Xutan Peng, a…
-
"'Copyright Infringement' Lure Used for Facebook Credential Harvesting" A recently discovered extensive credential-harvesting campaign has hackers leveraging Facebook copyright infringement notices to steal enterprise credentials. According to researchers at Avanan, this latest phishing campaign sends users an email…
-
"Ground-breaking Tech Finally Turns Cybersecurity's Weakest Link to Its Greatest Strength, Says Deakin University" In collaboration with Deakin University, the Tide Foundation has verified a new security paradigm. Tide unravels the question of "who's guarding the guardian?" and undermines the current security idea that implies safeguarding something requires heavily…
-
"Dark Web Actors Fight For Drug Trafficking and Illegal Pharmacy Supremacy" According to new research conducted by Resecurity, the annual sale of illegal drugs on the dark web exceeded $470m in 2022. The company's new report highlights the growth of the shadow economy and new communication methods used by criminals,…
-
"Hackers Target Cryptocurrency Customers by Impersonating Well-Known Employee" Researchers from Division Seven, SafeGuard's threat intelligence division, have detailed how a threat actor targeted clients of a cryptocurrency company they partner with using a social engineering approach with a twist. The hackers pretended to be a…
-
"Serbian Government Reports 'Massive DDoS Attack' Amid Heightened Tensions in Balkans" Multiple major Distributed Denial-of-Service (DDoS) attacks have been launched against the website and Information Technology (IT) infrastructure of the Serbian Ministry of Internal Affairs, according to an announcement by the Serbian government.…