Latest Cybersecurity News and Articles


Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018

25 July 2024
The critical vulnerability in Docker Engine, identified as CVE-2024-41110 with a severity score of 10/10, was first discovered in 2018 and reappeared due to a missed patch in January 2019. It allows attackers to bypass authorization plugins.

Report: Malware Attacks Surge 30% in First Half of 2024

25 July 2024
The 2024 Mid-Year Cyber Threat Report from SonicWall revealed a 30% increase in malware-based threats compared to 2023, with a significant spike in attacks from March to May, including 78,923 new variants observed in the first half of 2024.

'Stargazer Goblin' Amasses Thousands of Rogue GitHub Accounts to Spread Malware

25 July 2024
Stargazer Goblin has been distributing various malware families like Atlantida Stealer, Lumma, and Rhadamanthys, since at least August 2022. The threat actor charges users to "star" repositories with fake accounts, increasing their credibility.

Vanta Raises $150M Series C, Now Valued at $2.45B

25 July 2024
Vanta's Series C funding was led by Sequoia Capital. Other participating investors include Growth Equity at Goldman Sachs Alternatives and J.P. Morgan, along with existing partners like Atlassian Ventures and Y Combinator.

Pro-Palestinian Actor Levels Six-Day DDoS Attack on UAE Bank

25 July 2024
BlackMeta, known for targeting organizations in Israel, UAE, and the US, used a cybercrime service called InfraShutdown to target a UAE bank for $500-$625 a week. The attack lasted 100 hours in total.

6 Types of Applications Security Testing You Must Know About

25 July 2024
While the specifics for security testing vary for applications, web applications, and APIs, a holistic and proactive applications security strategy is essential for all three types. There are six core types of testing that every security professional should know about to secure their applications, regardless of which phase of development or deployment they are in. In this article, we will

Lakera Raises $20 Million to Secure GenAI Applications

25 July 2024
Lakera has raised $20 million in a Series A funding round. Led by European VC Atomico, with participation from Citi Ventures, Dropbox Ventures, and existing investors including redalpine, this investment brings Lakera’s total funding to $30 million.

Major Russian Banks Hit with DDoS Attacks as Ukraine Claims Responsibility

25 July 2024
Several major Russian banks were hit by DDoS attacks that disrupted their mobile apps and websites. State-owned VTB and Russian Agricultural Bank confirmed the attacks, with VTB attributing them to a foreign source.

Infisical: Open-source secret management platform - Help Net Security

25 July 2024
Infisical is an open-source secret management platform used by developers to centralize application configurations and secrets like API keys and database credentials, as well as manage internal PKI.

Echoes of Braodo Tales from the Cyber Underworld

25 July 2024
The Braodo Stealer, a Vietnam-based malware, is infiltrating victims' systems to steal sensitive information like credentials and banking details for identity theft and financial harm.

Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams

25 July 2024
Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. "These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20 individuals," the company said. "They targeted primarily adult men in the U.S. and used fake accounts to mask

Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security

25 July 2024
The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers both

Phish-Friendly Domain Registry “.top” Put on Notice

25 July 2024
ICANN has warned the Chinese company responsible for the “.top” domain registry to improve its system for managing phishing reports or risk losing its license. “.top” was found to be a popular choice for phishing websites, behind only “.com.”

Fraudsters Abuse Legitimate Blockchain Protocols to Steal Your Cryptocurrency Wallet

25 July 2024
Research conducted by Check Point has revealed how fraudsters are exploiting legitimate blockchain protocols to carry out sophisticated scams. The Uniswap Protocol and Safe.global are among the platforms targeted by these attackers.

Okta Browser Plugin Reflected Cross-Site Scripting CVE-2024-0981

25 July 2024
Okta Browser Plugin versions 6.5.0 through 6.31.0 are vulnerable to cross-site scripting, prompting users to save credentials in Okta Personal. The issue was fixed in version 6.32.0 for Chrome, Edge, Firefox, and Safari.

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

25 July 2024
Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction. "An attacker could escalate their privileges to the Default Cloud Build Service Account and

Russia-Linked Brute-Force Campaign Targets EU via Microsoft Infrastructure

25 July 2024
The attackers are primarily targeting High-Value Targets (HVTs) in key infrastructure cities like Edinburgh and Dublin. Over half of the attack IPs are from Moscow, with the rest traced back to Amsterdam and Brussels.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

25 July 2024
The vulnerabilities are as follows: CVE-2012-4792, a decade-old vulnerability in Internet Explorer allowing remote code execution, and CVE-2024-39891, an information disclosure flaw in Twilio Authy.

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

25 July 2024
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. "An attacker could exploit a bypass using an API request with Content-Length set

CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software

25 July 2024
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and