A vulnerability in Google’s OAuth implementation allows takeover of old employee accounts when domain ownership changes.
The post Google OAuth Flaw Leads to Account Takeover When Domain Ownership Changes appeared first on SecurityWeek.
Chrome 132 Patches 16 Vulnerabilities
Google has released Chrome 132 with fixes for 16 vulnerabilities, including multiple high-severity security defects.
The post Chrome 132 Patches 16 Vulnerabilities appeared first on SecurityWeek.
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam.
The new evidence suggests that Pyongyang-based threamoret groups may have pulled off illicit money-making scams that predate the use of IT workers, SecureWorks Counter Threat Unit (CTU) said in a report shared with The Hacker
The new evidence suggests that Pyongyang-based threamoret groups may have pulled off illicit money-making scams that predate the use of IT workers, SecureWorks Counter Threat Unit (CTU) said in a report shared with The Hacker
Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities
Nvidia, Zoom, and Zyxel have released patches for multiple high-severity vulnerabilities across their products.
The post Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client.
“Attackers can take control of a malicious server and read/write arbitrary files of any connected client,” the CERT Coordination Center (CERT/CC) said in an advisory. “Sensitive data, such as SSH keys,
“Attackers can take control of a malicious server and read/write arbitrary files of any connected client,” the CERT Coordination Center (CERT/CC) said in an advisory. “Sensitive data, such as SSH keys,
US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists
The US, Japan, and South Korea say North Korean hackers stole roughly $660 million in cryptocurrency last year.
The post US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists appeared first on SecurityWeek.
CISA Publishes Microsoft Expanded Cloud Log Implementation Playbook
The High-Stakes Disconnect For ICS/OT Security
Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk.
In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security. ICS/OT
In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security. ICS/OT
ICS Patch Tuesday: Security Advisories Published by Schneider, Siemens, Phoenix Contact, CISA
Schneider Electric, Siemens, CISA, and Phoenix Contact have released January 2025 Patch Tuesday ICS security advisories.
The post ICS Patch Tuesday: Security Advisories Published by Schneider, Siemens, Phoenix Contact, CISA appeared first on SecurityWeek.
FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation
The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a “multi-month law enforcement operation.”
PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People’s Republic of China (PRC
PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People’s Republic of China (PRC