Recent Security News
-
Watch Out: Attackers Are Hiding Malware in ‘Browser Updates’
October 17, 2023 at 12:49PM Threat actors are disguising malware as fake browser updates and spreading it through vulnerable websites. This tactic has been adopted by multiple threat clusters, including TA569. The malicious code is injected into legitimate websites and presents users with convincing browser update notifications. When users click “Update,” they unknowingly download malware.…
-
Prove Identity Snags $40M Funding for ID Verification Tech
October 17, 2023 at 12:30PM New York-based startup Prove Identity, formerly known as Payfone, has raised $40 million in funding led by MassMutual Ventures and Capital One Ventures. The company provides identity verification and authentication technology to banks, retailers, and healthcare institutions, claiming impressive results such as faster onboarding and a reduction in fraud. Prove…
-
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure
October 17, 2023 at 12:15PM Nation-state hacking groups are using Discord’s content delivery network (CDN) to target critical infrastructure. While Discord is currently mainly used by information stealers, a cybersecurity firm has found evidence of an artifact targeting Ukrainian critical infrastructure, indicating a potential emergence of APT malware campaigns on the platform. This introduces a…
-
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
October 17, 2023 at 10:51AM Two critical security flaws have been discovered in the CasaOS personal cloud software. These vulnerabilities allow attackers to bypass authentication and gain full access to the CasaOS dashboard. Additionally, attackers can exploit third-party applications to execute arbitrary commands on the system and gain persistent access. The flaws have been addressed…