Category: Uncategorized
-
Microsoft: Nation-state activity blurring with cybercrime
Post ContentRead More
-

FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms [email protected] (The Hacker News)
The FIDO Alliance said it’s working to make passkeys and other credentials more easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method. To that end, the alliance said it has published a draft for a new set of specifications…
-

From Misuse to Abuse: AI Risks and Attacks [email protected] (The Hacker News)
AI from the attacker’s perspective: See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications Cybercriminals and AI: The Reality vs. Hype “AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who…
-
Experts slam Chinese research on quantum encryption attack
Post ContentRead More
-

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware [email protected] (The Hacker News)
The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when…
-

5 Techniques for Collecting Cyber Threat Intelligence [email protected] (The Hacker News)
To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Let’s consider five that can greatly improve your threat investigations. Pivoting on С2 IP…
-

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack [email protected] (The Hacker News)
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails. “The spear-phishing campaign’s impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected,” Trend Micro said in a new analysis.…
-

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access [email protected] (The Hacker News)
GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0 “An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted…
-

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gainRead…
-
How to define cyber-risk appetite as a security leader
Post ContentRead More
