Leaky Vessels flaws allow hackers to escape Docker, runc containers

February 4, 2024 at 10:39AM “Leaky Vessels” vulnerabilities were discovered by a Snyk security researcher, allowing hackers to escape containers and access underlying system data. No active exploitation was found, but impacted parties are advised to apply available security updates promptly. The flaws affected runc and BuildKit, impacting Docker, Kubernetes, and more. Patched versions were released …

CISA: Vendors must secure SOHO routers against Volt Typhoon attacks

January 31, 2024 at 11:15AM CISA and the FBI have issued a warning to small office/home office (SOHO) router manufacturers to enhance security against attacks by Chinese state-backed hacking group Volt Typhoon. The agencies urge eliminating vulnerabilities, automating security updates, and safeguarding against Volt Typhoon activity. This follows ongoing attacks targeting U.S. critical infrastructure organizations …

Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive

January 25, 2024 at 11:48AM The Pwn2Own Automotive hacking contest at the Automotive World conference in Tokyo has concluded its second day, with overall earnings exceeding $300,000. The Synacktiv team leads with $430,000, notably earning for exploiting Tesla systems. Additional awards were granted to other successful hacking attempts. Day three will involve further hacking attempts. …

EquiLend drags systems offline after admitting attacker broke in

January 25, 2024 at 09:03AM EquiLend, a major US securities lender, has suffered a cybersecurity incident leading to unauthorized access to its systems. The company is working to restore services, with experts speculating on the impact of manual operations. Founded in 2001, EquiLend’s Next Generation Trading platform is used by over 120 companies across 40 …

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

January 25, 2024 at 06:22AM The 2023/2024 Axur Threat Landscape Report analyzes cyber threats from the Surface, Deep, and Dark Web and the impact of geopolitical factors. It highlights a threefold increase in leaked card details, credential leaks, brand misuse, evolving fraud tactics, takedown success rates, Deep & Dark Web insights, and the use of …

US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels 

January 19, 2024 at 10:00AM The US Justice Department recently charged two Russian nationals with involvement in cybercriminal activities, including hacking retailers Michaels and Neiman Marcus in 2013. Aleksey Stroganov and Tim Stigal are accused of stealing and selling payment card data, causing $35 million in losses. Stroganov’s partner, Roman Seleznev, received multiple prison sentences …

ESET Launches New Managed Detection and Response (MDR) Service for Small and Midsize Businesses

January 17, 2024 at 05:06PM ESET, a leading cybersecurity company, has launched ESET MDR, an innovative solution tailored for SMBs to address evolving cybersecurity challenges. The service combines AI-powered automation, human expertise, and comprehensive threat intelligence to provide unmatched threat detection and incident response. This offering will help SMBs enhance their security postures and meet …

Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

January 16, 2024 at 05:36AM Volexity has observed widespread exploitation of two zero-day vulnerabilities in Ivanti Connect Secure VPN appliances by threat actors, including the group UTA0178. These vulnerabilities allow attackers to execute arbitrary commands and compromise internal networks. While the attacks were initially targeted, they have now become widespread, affecting organizations globally, particularly in …

Adapting Security to Protect AI/ML Systems

January 10, 2024 at 01:09PM AI/ML libraries increase attack surfaces, requiring advanced security measures beyond traditional IT capabilities. Based on the meeting notes, the key takeaway is that AI/ML libraries create larger attack surfaces, and traditional IT security lacks some essential capabilities to protect them effectively.

Kyocera Device Manager Vulnerability Exposes Enterprise Credentials

January 10, 2024 at 08:33AM Kyocera Device Manager vulnerability enables attackers to capture credentials and compromise accounts. As a result, enterprise credentials are exposed, posing a security risk. Based on the meeting notes, it appears that there is an improper input validation flaw in the Kyocera Device Manager. This vulnerability allows attackers to capture credentials …