Latest Cybersecurity News and Articles
20 August 2024
House members John Moolenaar and Raja Krishnamoorthi expressed worries about TP-Link Technologies, the world's top Wi-Fi product provider, being vulnerable to compromised by state-sponsored hackers from China.
20 August 2024
Microsoft has classified the issue as low-severity and has not issued any fixes, except for Teams and OneNote apps. Excel, Outlook, PowerPoint, and Word apps remain vulnerable.
20 August 2024
Authentik is known for its adaptability and flexibility. It seamlessly integrates into existing environments, offering support for various protocols. It simplifies tasks like sign-up and account recovery in applications.
20 August 2024
A recent ransomware attack on Indian payment systems has been traced back to a vulnerability in the widely used Jenkins automation system. The attack targeted a digital payment system used by many Indian banks.
20 August 2024
A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan.
"The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
The origins of the backdoor are
20 August 2024
In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using the infamous Log4Shell vulnerability as an example, and demonstrates how Application Detection and
20 August 2024
The statement — which came Monday from the FBI, CISA, and the Office of the Director of National Intelligence (ODNI) — specifically attributes the recently announced cyberattack on the campaign of former President Donald Trump to Iranian actors.
20 August 2024
FBI and CISA issued a PSA reassuring the public about the security of the 2024 election cycle against ransomware attacks. While attacks on government networks could cause temporary delays, voting systems' integrity remains intact.
20 August 2024
Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster.
"An attacker with command execution in a Pod running within an affected Azure Kubernetes Services cluster could download the configuration used to
20 August 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability, known as CVE-2024-23897 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities catalog.
20 August 2024
Phase 1 in October 2024 will require MFA for accessing Azure portal, Microsoft Entra admin center, and Intune admin center, with Phase 2 in early 2025 extending enforcement to Azure CLI, Azure PowerShell, mobile app, and Infrastructure as Code tools.
20 August 2024
Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho.
Enterprise security company Proofpoint is tracking the activity under the name TA453, which overlaps with activity tracked by the broader cybersecurity
20 August 2024
The attack, lasting from Friday to Monday, reached 7.5 billion requests per second, according to Monobank CEO. Despite not impacting operations, the bank collaborated with security services and specialists to manage the flood of internet traffic.
20 August 2024
According to a report by cybersecurity researchers at BforeAI, threat actors used fake social media accounts, stores, ticketing systems, and fraudulent cryptocurrencies to target unsuspecting victims.
20 August 2024
Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations.
Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies.
"Blind Eagle has demonstrated adaptability in
20 August 2024
Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information.
"A potential issue in NetSuite's SuiteCommerce platform could allow attackers to access sensitive data due to misconfigured access controls on custom record types (CRTs)," AppOmni's Aaron Costello
20 August 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks.
The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution.
"Jenkins Command Line Interface (CLI) contains a
19 August 2024
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today.
19 August 2024
The Trump campaign was hacked, and security leaders are sharing their insights.
19 August 2024
A report found that 72% of surveyed cybersecurity professionals in the U.S. have been targeted by cyberattacks in the past 18 months.