Recent Security News

  • This is why we update… Data-thief malware exploits unpatched Windows PCs

    January 12, 2024 at 07:00PM

    Criminals exploit Windows Defender SmartScreen bypass vulnerability to spread Phemedrone Stealer malware, targeting sensitive data on PCs. The flaw CVE-2023-36025 was patched by Microsoft in November, but a proof-of-concept exploit has been created. The malware targets various browsers, applications, and cryptocurrency wallets, and uses obfuscation techniques to evade detection. Update…


  • Former Secretary of State Mike Pompeo Joins Cyabra Board of Directors

    January 12, 2024 at 06:12PM

    Cyabra, a leading counter-disinformation company, appoints former Secretary of State Mike Pompeo to its Board of Directors due to strong revenue growth and successful funding. Pompeo’s strategic expertise complements Cyabra’s goal to counter disinformation. The company also secures a $5.7 million Series A extension round to support research, development, and…


  • SEC X Account Hack Draws Senate Outrage

    January 12, 2024 at 05:43PM

    Senators Wyden and Lummis have criticized the SEC for its failure to implement basic multifactor authentication (MFA) protections following the compromise of the X (Twitter) account. They have urged the Inspector General to investigate this cybersecurity lapse, emphasizing the potential impact on market stability and trust. The SEC’s failure to…


  • CISA Adds 9.8 ‘Critical’ Microsoft SharePoint Bug to its KEV Catalog

    January 12, 2024 at 05:43PM

    The Cybersecurity and Infrastructure Security Agency (CISA) added a critical privilege escalation vulnerability, CVE-2023-29357, affecting Microsoft SharePoint servers to its list of Known Exploited Vulnerabilities (KEV). This vulnerability, rated 9.8 out of 10, allows attackers to bypass authentication and gain administrative access. Despite a June patch, active exploitation continues, as…


  • GitLab Releases Updates to Address Critical Vulnerabilities

    January 12, 2024 at 05:43PM

    GitLab releases versions 16.7.2, 16.6.3, and 16.5.6 to address critical vulnerabilities. These include an authentication issue allowing unverified email password resets and a vulnerability enabling slash command abuse in Slack/Mattermost. Other vulnerabilities affect code approval, workspace creation, and signed commit metadata. GitLab urges upgrading and enabling two-factor authentication. Based on…
