News
-
Spear-Phishing Campaign Targets CFOs with Advanced Techniques
A sophisticated spear-phishing campaign has been identified, targeting CFOs across various sectors with the aim of deploying a legitimate remote access tool, Netbird, to gain unauthorized access to sensitive financial systems.
-
Cisco IOS XE Flaw Exposes Devices to Security Risks
A recently disclosed vulnerability in Cisco IOS XE software allows unauthorized remote access, potentially exposing devices to significant security risks. Cisco and independent researchers urge immediate actions for mitigation.
-
New Vulnerabilities Discovered in Linux Core Dump Handlers Pose Security Risks
Two vulnerabilities in Linux core dump handlers could allow local attackers to access sensitive information, prompting security warnings from Qualys and other vendors. Mitigation measures are being recommended to protect user data.
-
China-Linked Hackers Target South Asian Organizations Through Critical SAP Vulnerability
A China-linked hacker group known as Earth Lamia has successfully exploited a critical SAP vulnerability, targeting numerous organizations in South Asia and expanding their tactics beyond financial sectors to include IT and governmental entities.
-
ConnectWise Reports Cyber Attack Linked to Nation-State Actors
ConnectWise has disclosed a cyber attack likely orchestrated by a nation-state actor, affecting some ScreenConnect customers. The firm is investigating the breach with the help of Google Mandiant while assuring customers of enhanced security measures.
-
Cybercriminals Exploit Popular AI Tools to Distribute Ransomware and Malware
Cybercriminals are exploiting popular AI tools to distribute ransomware and malware, including CyberLock and Lucky_Gh0$t. A report by Cisco Talos highlights the tactics used to lure victims through fake installations of AI solutions, increasing the urgency for enhanced cybersecurity measures.
-
Security Flaw in Safari Allows Fullscreen Browser-In-The-Middle Attacks
A new vulnerability in Apple’s Safari web browser exposes users to fullscreen browser-in-the-middle attacks, allowing cybercriminals to steal account credentials. SquareX researchers warn that this vulnerability particularly affects Safari, which lacks adequate user alerts when entering fullscreen mode, increasing the risk of such attacks.
-
New Malware Variant Uses Corrupted Headers to Evade Detection
Fortinet researchers have discovered a new strain of malware that evades detection by manipulating its DOS and PE headers, effectively functioning as a remote access trojan capable of controlling infected systems.
-
LexisNexis Reports Data Breach Impacting Over 364,000 Individuals
LexisNexis Risk Solutions has disclosed a data breach impacting over 364,000 individuals, revealing that personal information such as names and Social Security numbers was stolen from a GitHub account. The company emphasized that no financial information was compromised and is offering two years of free identity protection to those affected.
-
Security Flaw in OneDrive File Picker Exposes Users to Risks
A recently discovered vulnerability in Microsoft’s OneDrive File Picker may allow third-party apps to access users’ entire OneDrive storage without their clear consent, posing significant risks of data exposure and compliance violations.
