Recent Security News
-
Discord adds Security Key support for all users to enhance security
December 14, 2023 at 01:27PM Discord has launched the security key multi-factor authentication (MFA) feature for all users, offering enhanced security and anti-phishing benefits. Users can now utilize WebAuthn to replace legacy MFA systems, providing protection against credential theft. This feature allows for secure and convenient logins using biometrics and physical security keys, making it…
-
U.S. nuclear research lab data breach impacts 45,000 people
December 14, 2023 at 01:06PM Attackers breached Idaho National Laboratory’s (INL) Oracle HCM HR management platform, compromising data of 45,047 individuals including employees, dependents, and spouses. The breach included sensitive personal information, such as social security numbers and banking details, but did not affect the lab’s network. A hacking group claimed responsibility and leaked the…
-
Reimagining Network Pentesting With Automation
December 14, 2023 at 12:54PM Network penetration testing is vital in cybersecurity, yet misconceptions impact its role. This blog serves as a guide, explaining the process, debunking myths, and highlighting its significance. It encompasses internal and external testing differences, process stages, common misconceptions, and the comparison between manual and automated testing. It emphasizes the importance…
-
Iran-Linked ‘OilRig’ Cyberattackers Target Israel’s Critical Infrastructure, Over & Over
December 14, 2023 at 11:28AM Iranian APT group OilRig has targeted Israeli organizations in 2022 through cyberattacks leveraging custom downloaders. These downloaders, using legitimate Microsoft cloud services, facilitated command-and-control communications and data exfiltration. ESET researchers warned that OilRig’s continuous development of new variants makes them a formidable threat, specializing in cyber espionage primarily in the…
-
Ledger dApp supply chain attack steals $600K from crypto wallets
December 14, 2023 at 11:25AM Ledger warns users not to use web3 dApps after a supply chain attack compromised their “Ledger dApp Connect Kit” library, causing a JavaScript wallet drainer to steal $600,000 in crypto and NFTs. The company removed the malicious version, uploaded a clean version, and advised users to clear sign transactions and…