Fast-Growing RA Ransomware Group Goes Global

March 5, 2024 at 01:10PM
The RA World ransomware group, formed in April, has significantly expanded its attack scope. Targeting global organizations, the group recently launched sophisticated cyberattacks, notably in Latin America’s healthcare sector. With a focus on the US and adoption of double-extortion tactics, it poses a major threat, emphasizing the need for robust …

Apache ERP Zero-Day Underscores Dangers of Incomplete Patches

January 4, 2024 at 04:08PM
An unknown group has targeted a zero-day vulnerability in Apache’s OFBiz enterprise resource planning framework, allowing attackers to access sensitive information and remotely execute code. The incident underscores the importance of thorough patch analysis, as attackers often find ways to bypass software fixes. Similar patch failures have been seen with …

Ransomware Attackers Abuse Multiple Windows CLFS Driver Zero-Days

December 22, 2023 at 03:14PM
Attackers have exploited five vulnerabilities, including four zero-days, in a sensitive Windows kernel-level driver, exposing a systemic issue in Windows CLFS. The high-performance logging system, favored by hackers for low-level system privileges, suffers from design flaws, leading to a series of easily exploited bugs. Without redesign, it poses ongoing security …

New AI Safety Initiative Aims to Set Responsible Standards for Artificial Intelligence

December 13, 2023 at 01:30PM
Major AI software vendors have joined the Cloud Security Alliance’s AI Safety Initiative to develop trusted best practices for generative-AI technology. Participants include heavyweights Microsoft, Amazon, Google, OpenAI, and Anthropic. The initiative aims to create security best practices for AI deployment and facilitate responsible adoption. Cybersecurity executive Caleb Sima chairs …

Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI

November 15, 2023 at 09:57AM
Microsoft has released patches and guidance for a high-severity vulnerability in Azure CLI that could expose sensitive information. The bug allowed certain Azure CLI functions to inadvertently expose secrets through CI/CD logs, potentially compromising plaintext passwords and usernames. Microsoft has made changes to Azure CLI commands to address the issue …

Binance’s Smart Chain Exploited in New ‘EtherHiding’ Malware Campaign

October 16, 2023 at 01:12AM
Threat actors are using Binance’s Smart Chain (BSC) contracts to host and deliver malicious code, making it difficult to detect and stop their attacks. The campaign, known as EtherHiding, leverages compromised WordPress sites to deceive users into downloading malware through fake browser update notices. The decentralized nature of blockchain makes …