Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. […]
ArcaneDoor hackers exploit Cisco zero-days to breach govt networks
Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. […]
Google Meet opens client-side encrypted calls to non Google users
Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls. […]
Windows 11 KB5036980 update goes live with Start Menu ads
Microsoft has enabled Start menu ads in the optional KB5036980 preview cumulative update for Windows 11 22H2 and 23H2. […]
Ring customers get $5.6 million in privacy breach settlement
The Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. […]
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021.
This includes the front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh
This includes the front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
Cybersecurity researchers have discovered an ongoing attack campaign that’s leveraging phishing emails to deliver malware called SSLoad.
The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software.
“SSLoad is designed to stealthily infiltrate systems, gather sensitive
The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software.
“SSLoad is designed to stealthily infiltrate systems, gather sensitive
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users’ keystrokes to nefarious actors.
The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose keyboard app did not have any security
The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose keyboard app did not have any security
CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers
A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024.
Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin
Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin
Microsoft pulls fix for Outlook bug behind ICS security alerts
Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates […]