Recent Security News
-
21 New Mac Malware Families Emerged in 2023
January 3, 2024 at 07:42AM In 2023, 21 new malware families targeting macOS systems were discovered by security researcher Patrick Wardle, representing a 50% increase from 2022. Wardle’s blog post provides detailed analysis of each family’s characteristics and their potential impact on Apple devices. Notable threats include ransomware, infostealers, APT-developed malware, and variations of existing…
-
Xerox Confirms Data Breach at US Subsidiary Following Ransomware Attack
January 3, 2024 at 06:18AM Xerox Business Solutions experienced a data breach limited to its US operations, containing personal information. The company will notify affected individuals but hasn’t confirmed the impact on clients, employees, or partners. The ransomware gang Inc Ransom claimed responsibility, posting stolen documents on a leak site, which Xerox might have prevented…
-
5 Ways to Reduce SaaS Security Risks
January 3, 2024 at 06:18AM As technology adoption becomes more employee-driven and from any location or device, IT and security teams face challenges in managing the expanding SaaS attack surface. CrowdStrike’s report indicates that compromised identities are a leading cause of breaches. Nudge Security offers solutions including real-time SaaS discovery and monitoring, managing OAuth risks,…
-
SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails
January 3, 2024 at 06:18AM A new exploitation technique called SMTP smuggling allows threat actors to send malicious emails with fake sender addresses, bypassing security measures. The method exploits vulnerabilities in messaging servers from Microsoft, GMX, and Cisco, impacting SMTP implementations from Postfix and Sendmail. Cisco users are advised to change settings to avoid receiving…
-
Attackers Abuse Google OAuth Endpoint to Hijack User Sessions
January 3, 2024 at 06:08AM Prisma uncovered a critical exploit within an undocumented Google OAuth endpoint, enabling attackers to hijack user sessions and maintain continuous unauthorized access to Google services. The exploit has been integrated into various malware and has continued to evolve, posing a significant threat. CloudSEK has emphasized the need for enhanced cybersecurity…