Category: Security

September 5, 2023

CIOs and CISOs have long grappled with the challenge of shadow IT—technology that is being used within an enterprise but that is not officially sanctioned by the IT or security department. According to Gartner research, 41% of employees acquired, modified, […]

August 15, 2023

Discord.io, a service that allowed users to create custom links for their Discord channels, is closing down following a large data breach. A hacker stole the data of 760,000 users, per TechRadar, and has posted a sample on Breached Forums […]

August 14, 2023

It seems that AMD’s issued patch for its Zen 1 “Division by zero” bug wasn’t the end-all, be-all the company wanted it to be. While the company was fast in issuing a patch, there’s now the suspicion that they might’ve […]

August 8, 2023

Hacking passwords by recording the sound of your keystrokes is nothing new, but researchers using AI have been able to do this with much more accuracy. Computer scientists from Durham University, University of Surrey, and Royal Holloway University of London, […]

August 4, 2023

Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. Software supply chain firm Phylum, which first identified the “test” packages on July 31, 2023, said they […]

August 2, 2023

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce’s email services, allowing threat actors to craft targeted phishing messages using the company’s domain and infrastructure. “Those phishing campaigns cleverly evade conventional detection methods by chaining […]

August 2, 2023

Researchers at TU Graz and the Helmholtz Center for Information Security have discovered a novel security gap in all common main processors (CPUs) of computers that can hardly be mitigated. CPUs are designed to run multiple applications simultaneously. This is […]

July 31, 2023

Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT. “Among the software in question are various instruments […]

July 28, 2023

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific […]

July 24, 2023

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, […]

July 21, 2023

Sensitive information identifying thousands of Roblox creators has been exposed following a data breach impacting attendees at a conference for Roblox developers, which allegedly remained undisclosed by the company for at least two years. As reported by PC Gamer, the […]

July 19, 2023

CNBC writes that Google originally selected over 2,500 employees to take part in the program, but decided to allow participants to opt out – and allow others to volunteer – after looking at the feedback. There are some Googlers who […]

July 19, 2023

U.S. cybersecurity and intelligence agencies have released a set of recommendations to address security concerns with 5G standalone network slicing and harden them against possible threats. “The threat landscape in 5G is dynamic; due to this, advanced monitoring, auditing, and […]

July 19, 2023

Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what’s exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, […]

July 18, 2023

The Biden administration is launching a new cybersecurity label for smart devices today. In a press briefing, Federal Communications Commission (FCC) Chair Jessica Rosenworcel said the new label, called the US Cyber Trust Mark, will signify that devices bearing it […]

July 13, 2023

If you practice good digital hygiene, you’re likely installing Windows updates soon after their release date, especially when they’re security-focused. However, hackers are constantly poking and prodding the security of Microsoft’s operating system and devising new ways to bypass any […]

July 12, 2023

Data anonymization is a technique used to protect sensitive or private information by removing or masking any personal identification information that can be used to identify an individual. Yash Mehta of Expersight shares data anonymization tools and use cases that […]

July 11, 2023

A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. “Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious […]

July 3, 2023

A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems. Cybersecurity firm Check Point said the activity, dubbed SmugX, has been […]

June 30, 2023

The latest alert from the US Cybersecurity & Infrastructure Security Agency (CISA), a Department of Homeland Security agency that deals with cybersecurity and critical infrastructure security, provides an update on the top 25 most dangerous security weaknesses in software products. […]