Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface). […]
CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs
A group of academics has disclosed a new “software fault attack” on AMD’s Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation.
The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security. It
The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security. It
Windows 11 KB5032190 update enables Moment 4 features for everyone
Microsoft has released the KB5032190 cumulative update to fix security vulnerabilities in Windows 11. This is the first Patch Tuesday update with access to Windows 11 Moment 4 features, provided you turn on the “Get latest updates” toggle. […]
Meet the Unique New “Hacking” Group: AlphaLock
A Russian hacking group known as AlphaLock is launching a “pentest” marketplace and training platform to empower a new generation of threat actors. Learn more from Flare about the new hacking group. […]
DHS Cybersecurity and Infrastructure Security Agency Releases Roadmap for Artificial Intelligence
The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy
In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations.
In a world where the frequency and cost of data breaches are skyrocketing, organizations are coming face-to-face with a harsh reality: traditional cybersecurity
In a world where the frequency and cost of data breaches are skyrocketing, organizations are coming face-to-face with a harsh reality: traditional cybersecurity
Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed OracleIV.
“Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named ‘oracleiv_latest’ and containing Python malware compiled as an ELF executable
“Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named ‘oracleiv_latest’ and containing Python malware compiled as an ELF executable
CI/CD Risks: Protecting Your Software Development Pipelines
Have you heard about Dependabot? If not, just ask any developer around you, and they’ll likely rave about how it has revolutionized the tedious task of checking and updating outdated dependencies in software projects.
Dependabot not only takes care of the checks for you, but also provides suggestions for modifications that can be approved with just a single click. Although Dependabot is limited
Dependabot not only takes care of the checks for you, but also provides suggestions for modifications that can be approved with just a single click. Although Dependabot is limited
New Campaign Targets Middle East Governments with IronWind Malware
Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind.
The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402, which is also known as Molerats, Gaza Cyber Gang, and shares tactical overlaps with a pro-Hamas
The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402, which is also known as Molerats, Gaza Cyber Gang, and shares tactical overlaps with a pro-Hamas
Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers
The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts.
“An important feature that sets it apart is that, unlike previous campaigns, which relied on .NET applications, this one used Delphi as the programming
“An important feature that sets it apart is that, unlike previous campaigns, which relied on .NET applications, this one used Delphi as the programming