Recent Security News
-
Google Chrome’s new cache change could boost performance
December 2, 2023 at 11:54AM Google Chrome is changing how its Back/Forward Cache works by ignoring the “Cache-control: no-store” header on HTTPS pages, allowing such pages to be cached for faster navigation. This move aims to improve browsing speed by enabling instant page restoration, though it raises concerns about outdated data and broken developer assumptions…
-
US Health Dept urges hospitals to patch critical Citrix Bleed bug
December 2, 2023 at 11:54AM The HHS alerted U.S. healthcare organizations to patch the ‘Citrix Bleed’ vulnerability (CVE-2023-4966), as it’s actively exploited by ransomware gangs, bypassing security controls. Citrix and federal agencies urged immediate action. Despite a fix released in October, over 10,000 servers remain at risk, threatening the Health sector. Meeting Takeaways: 1. **Urgent…
-
Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.
December 2, 2023 at 03:48AM Unknown attackers have targeted various sectors in the Middle East, Africa, and the U.S. with Agent Raccoon backdoor malware, using DNS for covert communication. Palo Alto Networks is investigating the attacks, which involve other tools like Mimilite and Ntospy and are potentially linked to nation-state actors. No specific threat actor…
-
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
December 2, 2023 at 03:06AM A Russian developer, Vladimir Dunaev, was convicted of creating TrickBot malware, which caused over $3.4 million in damages. Arrested in 2021 and facing up to 35 years in prison, he’s the second TrickBot member apprehended after cybercrime sanctions by the UK and US. TrickBot evolved since 2016, leading to significant…
-
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
December 1, 2023 at 09:58PM The FBI, CISA, NSA, EPA, and INCD issued a joint advisory about Iranian IRGC-affiliated cyber actors targeting operational technology, specifically Israeli-made Unitronics PLCs used in critical sectors in the US. Since November 2023, these actors have exploited poor security, primarily default passwords, to deface and potentially disrupt systems. Mitigations include…