Malicious Chrome Extensions Skate Past Google’s Updated Security

October 8, 2024 at 08:36AM Malicious browser extensions are evading Google’s latest Chrome Web Store security, posing significant risks to individuals and organizations. Researchers showcased the ability to steal data and manipulate permissions. While Google aims to enhance privacy and security with Manifest V3, vulnerabilities still exist. Companies are advised to review and restrict browser … Read more

Construction firms breached in brute force attacks on accounting software

September 17, 2024 at 03:45PM Hackers are using brute-force tactics to obtain passwords for highly privileged accounts on Foundation accounting servers, common in the construction industry, in order to infiltrate corporate networks. … Read more

1.3 Million Android TV Boxes Infected by Vo1d Malware

September 13, 2024 at 06:21AM A newly discovered Android malware, Vo1d, has infected 1.3 million TV boxes running older Android versions. The backdoor malware can fetch and install additional software, exploiting system vulnerabilities. It poses as legitimate OS components and targets countries worldwide. Doctor Web suspects attacks via unofficial firmware or intermediate malware. Google has … Read more

Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing Its Productivity Benefits

September 9, 2024 at 08:24AM GenAI has become essential for productivity, but also poses security risks due to employees sharing sensitive information. To address this, organizations can identify and protect sensitive data, set restrictions, and utilize GenAI DLP tools to monitor and control data input. A webinar by LayerX offers insights and best practices for … Read more

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

August 30, 2024 at 02:42AM Threat actors are exploiting a patched critical security flaw in Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining. The flaw, CVE-2023-22527, allows unauthenticated attackers to achieve remote code execution. At least three different threat actors are exploiting this vulnerability using various methods. Users are advised to … Read more

DigiCert mass-revoking TLS certificates due to domain validation bug

July 30, 2024 at 11:08AM DigiCert is warning that it is mass-revoking SSL/TLS certificates due to a bug in domain verification, affecting around 0.4% of certificates issued between August 2019 and June 2024. The bug, involving the absence of an underscore in CNAME records, could lead to security risks. DigiCert has taken corrective actions and impacted customers … Read more

Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update

July 29, 2024 at 09:06AM Google apologized for an incident that affected its password manager for millions of Windows users, coinciding with Windows administrators mitigating the impact of a faulty CrowdStrike update. The issue, limited to Windows users on the M127 version of Chrome, prevented them from accessing saved passwords. The incident underscores the risks … Read more

You’ve Been Breached: What Now?

May 10, 2024 at 10:06AM The focus on cybersecurity is often on prevention, but breaches are inevitable, typically due to human error. To minimize damage after a breach, security leaders should: gather identity data for containment, provide temporary accounts, enforce accountability from the executive level, and implement recovery strategies like incident response planning and comprehensive cybersecurity … Read more

Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously

April 11, 2024 at 02:30PM The cloud platform’s 8-year-old version was compromised by attackers to distribute malware capable of taking over infected systems. … Read more

Intel and Lenovo servers impacted by 6-year-old BMC flaw

April 11, 2024 at 12:52PM A 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers, overlooked by vendors like Intel and Lenovo, could lead to memory exfiltration, bypassing protection mechanisms. Binarly discovered a heap out-of-bounds read vulnerability and vendors missed the fix, leading to a massive number of vulnerable devices, with impacted models … Read more