February 17, 2024 at 10:56AM Google is testing a new feature to prevent malicious websites from attacking devices and services on a user’s internal, private networks through their browser. The proposed “Private Network Access protections” in Chrome 123 will conduct checks before directing a browser to visit sites within the user’s private network, aiming to … Read more
January 28, 2024 at 12:17PM Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to access arbitrary files have been made public. SonarSource discovered two flaws, one granting unauthorized file reading and the other enabling arbitrary command execution. Jenkins released fixes with advisory and PoCs have been created, with reported active attacks. … Read more
January 26, 2024 at 08:15AM CISA warned that Westermo Lynx industrial switches are vulnerable to eight flaws, with potential for remote exploitation and device tampering. Spanish cybersecurity researchers identified the flaws, including cross-site scripting and code injection. Although some vulnerabilities are challenging to exploit, the company is addressing the issues with a patch for CSRF … Read more
January 21, 2024 at 03:15PM Brave Software plans to discontinue the ‘Strict’ fingerprinting protection mode in its privacy-focused Brave Browser due to its negative impact on website functionality. The mode, designed to enhance user privacy, causes issues for roughly 0.5% of users, making them more susceptible to tracking. The change aims to prioritize efficiency and … Read more
January 17, 2024 at 01:21PM The FBI and CISA have issued an alert about a malware campaign targeting Apache webservers and websites using the Laravel Web application framework. The campaign aims to steal credentials for high-profile applications such as AWS, Microsoft 365, Twilio, and SendGrid. The threat actors use a known malware called “Androxgh0st” to … Read more
January 15, 2024 at 11:44AM The Guardio Labs research team has revealed a security flaw, dubbed MyFlaw, in the Opera web browser for Windows and macOS, allowing execution of files on the operating system. The flaw exploits the My Flow feature, prompting updates on Nov 22, 2023, to address it. The vulnerability emphasizes the need … Read more
January 9, 2024 at 12:38PM A group affiliated with the Turkish government has increased politically driven cyber-espionage activities targeting Kurdish opposition groups in Europe, the Middle East, and North Africa. Sea Turtle, previously dormant, has resurfaced, carrying out campaigns targeting organizations in the Netherlands. The attacks focus on reaching websites associated with Kurds and the … Read more
December 29, 2023 at 09:30AM Albanian government institutions and telecom company One Albania were recently hit by cyber attacks, according to the country’s cyber security authority. One Albania assured that its services were unaffected. The attacks, attributed to an Iranian hacker group, have prompted a review and strengthening of cyber security strategies. This follows previous … Read more
December 22, 2023 at 12:42PM A rogue WordPress plugin discovered by threat hunters poses a Magecart campaign threat, creating bogus admin users and injecting malicious code to steal credit card data. The plugin hides in the mu-plugins directory and enables sustained access to the target. This revelation comes amid growing concerns about digital skimming and … Read more
December 21, 2023 at 08:33AM ESET releases patches to fix a high-severity vulnerability in its endpoint and server security products. The flaw, CVE-2023-5594, affected the SSL/TLS protocol scanning feature and could make web browsers trust untrustworthy sites. The patch is automatically rolling out via product updates since November 21, with no user interaction required. ESET … Read more