Mystic Valley Elder Services (MVES) recently announced that it suffered a data breach that affected many individuals. The company is a Massachusetts-based non-profit that provides health and other services to the elderly and people with disabilities.
Yahoo’s vulnerability research team has recently identified nearly a dozen flaws in OpenText’s NetIQ iManager product, including some that could have been chained for unauthenticated remote code execution. The research team discovered 11 vulnerabilities that could have been exploited individually for cross-site request forgery (CSRF), server-side request forgery (SSRF), remote code execution (RCE), arbitrary file upload, authentication bypass, file disclosure, and privilege escalation.
Capture the Flag Challenge! Teams of up to 4 students will compete virtually in one 7-hour round of Cybersecurity CTF to take home the title and great cash prizes of up to $200/person!
According to security researchers at SonicWall, global threat actors have been ramping up attacks on government targets, with a triple-digit annual increase in malware-driven attempts to compromise victims in the first three months of the year. Alongside the 236% year-on-year (YoY) increase in Q1 2024, the researchers recorded a 27% annual increase in government attacks in the month leading up to the US election. The researchers claimed that recorded DDoS attacks are on track to surpass last year’s figure by 32%.
"The annual OODAcon event brings together the hackers, thinkers, strategists, disruptors, leaders, technologists, and creators with one foot in the future to discuss the most pressing issues of the day and provide insight into the ways technology is evolving.
Our theme for OODAcon 2024 is: Convergence
By grigby1
By grigby1
Researchers have revealed a new browser attack called "CrossBarking" that exploits "private" Application Programming Interfaces (APIs) in Opera to gain control over victims' browsers. CrossBarking involves running malicious code in the context of websites that have access to private APIs. This can be done through a Cross-Site Scripting (XSS) vulnerability or malicious browser extension. This article continues to discuss the CrossBarking browser attack.
Microsoft warns of a large-scale spear-phishing campaign attributed to the Russian state-sponsored threat actor "Midnight Blizzard." According to Microsoft, the campaign has targeted thousands of users in over 100 organizations across government, defense, academia, and other sectors, mainly in the US and Europe. This article continues to discuss the new spear-phishing campaign by Russia's Midnight Blizzard.
The North Korean state-sponsored hacking group "Andariel" has been attributed to a "Play" ransomware operation. According to Palo Alto Networks' Unit 42, Andariel may be a Play affiliate or an Initial Access Broker (IAB) facilitating the malware launch on a network they breached months earlier. Andariel is a state-sponsored Advanced Persistent Threat (APT) group linked to North Korea's Reconnaissance General Bureau, a military intelligence agency. This article continues to discuss the connection between Andariel and Play ransomware.