Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022. […]
CISA urges tech manufacturers to stop using default passwords
Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged technology manufacturers to stop providing software and devices with default passwords. […]
3CX warns customers to disable SQL database integrations
VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability. […]
Ransomware gang behind threats to Fred Hutch cancer patients
The Hunters International ransomware gang claimed to be behind a cyberattack on the Fred Hutchinson Cancer Center (Fred Hutch) that resulted in patients receiving personalized extortion threats. […]
Box cloud storage down amid ‘critical’ outage
Cloud storage provider Box.com is suffering an outtage preventing customers from accessing their files. […]
Delta Dental says data breach exposed info of 7 million people
Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. […]
New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks
A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon.
Dubbed KV-botnet by the Black Lotus Labs team at Lumen Technologies, the malicious network is an amalgamation of two complementary activity
Dubbed KV-botnet by the Black Lotus Labs team at Lumen Technologies, the malicious network is an amalgamation of two complementary activity
Crypto Hardware Wallet Ledger’s Supply Chain Breach Results in $600,000 Theft
Crypto hardware wallet maker Ledger published a new version of its “@ledgerhq/connect-kit” npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets.
The compromise was the result of a former employee falling victim to a phishing attack, the company said in a statement.
This allowed the attackers to gain
The compromise was the result of a former employee falling victim to a phishing attack, the company said in a statement.
This allowed the attackers to gain
CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector
Bug or Feature? Hidden Web Application Vulnerabilities Uncovered
Web Application Security consists of a myriad of security controls that ensure that a web application:
Functions as expected.
Cannot be exploited to operate out of bounds.
Cannot initiate operations that it is not supposed to do.
Web Applications have become ubiquitous after the expansion of Web 2.0, which Social Media Platforms, E-Commerce websites, and email clients saturating the internet