Vendors
-
New Cyber Threat Emerges as PoisonSeed Targets CRM Accounts
The PoisonSeed campaign is exploiting compromised credentials from CRM tools and email services to send spam containing cryptocurrency seed phrases, endangering businesses and individuals alike.
-
Oracle Acknowledges Data Breach Amid Lawsuit Over Concealment
Oracle Corp. has admitted to a significant data breach, revealing that a hacker accessed sensitive client login details, shortly after a lawsuit accused the company of attempting to cover up the incident. The breach has raised serious concerns about cloud security and has led to legal action amid calls for enhanced security measures.
-
Massive Data Breach at Royal Mail Group Raises Concerns Over Supplier Security
Royal Mail Group has suffered a data breach revealing 144GB of sensitive data, raising alarms over the security of third-party supplier Spectos and highlighting ongoing vulnerabilities within the postal service’s cybersecurity posture.
-
EU Plans to Simplify GDPR in Move to Support Businesses
The European Union is set to revise its General Data Protection Regulation (GDPR) to ease compliance burdens for businesses, as part of efforts under Commission President Ursula von der Leyen. This move aims to enhance the competitive landscape for European enterprises amid growing criticisms regarding the complexity of the current legislation.
-
Security Bypasses Detected in Ubuntu Linux’s User Namespace Restrictions
A new report from Qualys reveals that three security bypasses have been found in Ubuntu Linux’s user namespace restrictions, potentially allowing local attackers to exploit kernel vulnerabilities. Canonical is working on enhancing AppArmor protections in response.
-
Cloudflare Open-Sources OPKSSH to Enhance SSH Management with Single Sign-On Integration
Cloudflare has announced the open-sourcing of OPKSSH, a tool that integrates single sign-on technologies into SSH management, enhancing security and user convenience by replacing long-lived SSH keys with ephemeral keys generated on demand.
-
New Cybercrime Platform Automates Credential Stuffing Attacks on 140 Online Services
The newly discovered Atlantis AIO platform automates credential stuffing attacks against 140 online services, providing cybercriminals with tools to exploit vulnerabilities in systems lacking adequate security measures.
-
Cybersecurity Firm Exposes Ransomware Infrastructure, Protects Victims
Cybersecurity firm Resecurity has successfully infiltrated and dismantled the infrastructure of the BlackLock ransomware gang, providing critical alerts to victims ahead of planned data leaks.
-
Windows Zero-Day Exploit Traced to EncryptHub, Delivering Diverse Malware
EncryptHub is exploiting a critical zero-day vulnerability in Microsoft Windows, deploying a range of malware, including data stealers, as detailed by Trend Micro. This exploit takes advantage of the Microsoft Management Console’s functionality, posing significant risks to users.
