Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users. […]
Toronto Public Library services down following weekend cyberattack
The Toronto Public Library (TPL) is warning that many of its online services are offline after suffering a cyberattack over the weekend, on Saturday, October 28. […]
New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks
A new malware wiper known as BiBi-Linux is being used to destroy data in attacks targeting Linux systems belonging to Israeli companies. […]
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware
A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper, targeting Israeli entities amidst the ongoing Israeli-Hamas war.
“This malware is an x64 ELF executable, lacking obfuscation or protective measures,” Security Joes said in a new report published today. “It allows attackers to specify target folders and can potentially destroy an entire
“This malware is an x64 ELF executable, lacking obfuscation or protective measures,” Security Joes said in a new report published today. “It allows attackers to specify target folders and can potentially destroy an entire
Huawei, Vivo phones tag Google app as TrojanSMS-PA malware
Huawei, Honor, and Vivo smartphones and tablets are displaying strange ‘Security threat’ alerts urging the deletion of the Google app, warning that it is detected as the ‘TrojanSMS-PA’ malware. […]
New Webinar: 5 Must-Know Trends Impacting AppSec
Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it’s almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other
ServiceNow Data Exposure: A Wake-Up Call for Companies
Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in “unintended access” to sensitive data. For organizations that use ServiceNow, this security exposure is a critical concern that could have resulted in major data leakage of sensitive corporate data. ServiceNow has since taken steps to fix this issue.
This article fully analyzes
This article fully analyzes
EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub
A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities.
“As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and
“As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes
Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster.
The vulnerabilities are as follows –
The vulnerabilities are as follows –
CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller
CVE-2023-5043 (
Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware
A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE.
“MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users,” Elastic
“MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users,” Elastic