The Tor Project has responded to claims that German law enforcement has found a way to deanonymize users.
The post Tor Responds to Reports of German Police Deanonymizing Users appeared first on SecurityWeek.
Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East
An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks.
Google-owned Mandiant is tracking the activity cluster under the moniker UNC1860, which it said shares similarities with intrusion sets tracked by Microsoft, Cisco Talos, and
Google-owned Mandiant is tracking the activity cluster under the moniker UNC1860, which it said shares similarities with intrusion sets tracked by Microsoft, Cisco Talos, and
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.
The post Ivanti Warns of Second CSA Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature
Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices.
“This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can’t be accessed by anyone, not even Google,” Chrome product manager Chirag Desai said.
The PIN is a six-digit code by default, although it’s
“This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can’t be accessed by anyone, not even Google,” Chrome product manager Chirag Desai said.
The PIN is a six-digit code by default, although it’s
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild.
The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was “incidentally addressed” by the company as part of CSA 4.6 Patch 519 and CSA 5.0.
“Path Traversal in the Ivanti CSA before 4.6 Patch
The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was “incidentally addressed” by the company as part of CSA 4.6 Patch 519 and CSA 5.0.
“Path Traversal in the Ivanti CSA before 4.6 Patch
Suspects behind $230 million cryptocurrency theft arrested in Miami
Two suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services. […]
CISA warns of actively exploited Apache HugeGraph-Server bug
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. […]
Microsoft Edge will flag extensions causing performance issues
Microsoft is testing a new feature in the Edge browser called the “extension performance detector,” which warns you when browser extensions cause performance issues on web pages you visit. […]
Tor says it’s “still safe” amid reports of police deanonymizing users
The Tor Project is attempting to assure users that the network is still safe after a recent investigative report warned that law enforcement from Germany and other countries are working together to deanonymize users through timing attacks. […]
Ivanti warns of another critical CSA flaw exploited in attacks
Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA)Â vulnerability in attacks targeting a limited number of customers. […]