The information was stolen from a marketing tool after an employee fell victim to a targeted phone phishing attack.
The post Security Firm Aura Discloses Data Breach Impacting 900,000 Records appeared first on SecurityWeek.
7 Ways to Prevent Privilege Escalation via Password Resets
Password resets are often weaker than login security, making them a prime target for privilege escalation. Specops Software explains how attackers abuse reset workflows and how to secure them. […]
Hacker Conversations: Ben Harris, from Unintentional Young Hacker to Intentional Adult CEO
Harris is a hacker with a rebellious spirit and a willingness to break rules in the pursuit of his purpose – but without causing harm or damage.
The post Hacker Conversations: Ben Harris, from Unintentional Young Hacker to Intentional Adult CEO appeared first on SecurityWeek.
Russian APT Exploits Zimbra Vulnerability Against Ukraine
Insufficient sanitization of CSS content within HTML emails leads to inline script execution when the message is opened in a browser.
The post Russian APT Exploits Zimbra Vulnerability Against Ukraine appeared first on SecurityWeek.
Max severity Ubiquiti UniFi flaw may allow account takeover
Ubiquiti has patched two vulnerabilities in the UniFi Network Application, including a maximum-severity flaw that may allow attackers to take over user accounts. […]
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
Cybersecurity researchers have disclosed a new Android malware family called Perseus that’s being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud.
Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a “more flexible and capable platform” for compromising Android devices through dropper apps distributed
Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a “more flexible and capable platform” for compromising Android devices through dropper apps distributed
CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
CISA warned U.S. organizations to follow Microsoft guidance to strengthen the Intune endpoint management tool after a cyberattack exploited it to wipe medical technology giant Stryker’s systems. […]
How Ceros Gives Security Teams Visibility and Control in Claude Code
Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls.
Claude Code, Anthropic’s AI coding agent, is now running across engineering organizations at scale. It reads files, executes shell commands, calls external APIs,
Claude Code, Anthropic’s AI coding agent, is now running across engineering organizations at scale. It reads files, executes shell commands, calls external APIs,
Raven Emerges From Stealth With $20 Million in Funding
Raven’s platform observes applications at runtime to detect anomalous behavior and prevent cyberattacks.
The post Raven Emerges From Stealth With $20 Million in Funding appeared first on SecurityWeek.
New ‘Perseus’ Android malware checks user notes for secrets
A new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery phrases, or financial data. […]