Join Our Webinar on Protecting Human and Non-Human Identities in SaaS Platforms

March 13, 2024 at 07:03AM Cybercriminals are increasingly targeting identities within SaaS applications, including human and non-human accounts, leading to data breaches and financial losses. While measures like multi-factor authentication protect human identities, safeguarding non-human identities requires advanced tactics like monitoring tools and automated security checks. Join the webinar to learn about defending SaaS environments …

Fortinet Patches Critical Vulnerabilities Leading to Code Execution

March 13, 2024 at 06:33AM Fortinet announced patches for critical vulnerabilities in its network security and management products. The flaws, including CVE-2023-42789 and CVE-2023-48788, could lead to code execution and were resolved in various product versions. High-severity and medium-severity bugs were also patched. Users are urged to apply the patches promptly to avoid potential …

‘PixPirate’ RAT Invisibly Triggers Wire Transfers From Android Devices

March 13, 2024 at 06:04AM PixPirate is a sophisticated Brazilian banking Trojan targeting Android devices. It exploits the Pix app for bank transfers in Brazil and employs a deceptive method to conceal its presence, allowing it to steal login credentials and execute unauthorized transfers. The malware’s advanced capabilities and hiding technique present potential concerns for …

Israeli Universities Hit by Supply Chain Cyberattack Campaign

March 13, 2024 at 03:05AM Iranian hacktivists executed a supply chain attack on Israeli universities by breaching a local technology provider, Rashim Software, and accessing universities’ systems. Op Innovate confirmed the exposure of student data and identified weak access controls and email-based authentication as contributing to the breach. The incident highlights the risk of supply …

Microsoft’s March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

March 13, 2024 at 02:03AM Microsoft released a monthly security update addressing 61 vulnerabilities, including 2 critical issues in Windows Hyper-V with potential for denial-of-service and remote code execution. None of the flaws were publicly known or under active attack. Updates were also made to the Chromium-based Edge browser. Other vendors have also released …

GAO: CISA’s OT Teams Inadequately Staffed

March 12, 2024 at 06:27PM The GAO study found that some teams at CISA were inadequately staffed in providing OT products and services. While most entities had positive experiences, there were complaints about insufficient staff, such as four federal employees and five contractors for threat hunting and incident response. Staff shortages resulted in unmet requests, …

Stanford: Data of 27,000 people stolen in September ransomware attack

March 12, 2024 at 03:52PM Stanford University reported a ransomware attack on its Department of Public Safety (SUDPS) network, compromising personal information of 27,000 individuals. The breach occurred between May 12 and September 27, 2023. Stolen data included sensitive details like Social Security numbers and health/medical information. The Akira ransomware gang claimed responsibility and leaked …

Acer confirms Philippines employee data leaked on hacking forum

March 12, 2024 at 03:37PM Acer Philippines confirmed a data breach by a third-party vendor, leading to leaked employee data on a hacking forum. The company stated that there was no direct breach of its systems and gave assurances that no customer data was affected. Acer is working with cybersecurity experts and law enforcement in response to the incident. Multiple …

Google Paid Out $10 Million via Bug Bounty Programs in 2023

March 12, 2024 at 02:04PM Google announced a $10 million payout in 2023 for its bug bounty programs, totaling $59 million since 2010. 632 researchers from 68 countries earned rewards, with the highest single payout at $113,337. $3.4 million was awarded for Android vulnerabilities, with increased maximum rewards. Google’s bug bounty payouts are comparable to …

JetBrains is still mad at Rapid7 for the ransomware attacks on its customers

March 12, 2024 at 12:34PM JetBrains and Rapid7 are embroiled in a public dispute over a software vulnerability disclosure. Following Rapid7’s detailed disclosure of vulnerabilities in TeamCity, JetBrains accused them of unethical actions which led to ransomware attacks. The spat highlights the need for clear disclosure norms in the infosec space to protect customers and …