GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. […]
Apple wasn’t storing deleted iOS photos in iCloud after all
Security researchers reverse-engineered Apple’s recent iOS 17.5.1 update and found that a recent bug that restored images deleted months or even years ago was caused by an iOS bug and not an issue with iCloud. […]
Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern
Ransomware attacks targeting VMware ESXi infrastructure following an established pattern regardless of the file-encrypting malware deployed.
“Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,”
“Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,”
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2020-17519, the issue relates to a case of improper access control that
Tracked as CVE-2020-17519, the issue relates to a case of improper access control that
Northern Ireland police faces £750k fine after exposing staff info
UK’s Information Commissioner Office (ICO) has announced the intention to impose a fine of £750,000 ($954,000) on the Police Service of Northern Ireland (PSNI) for exposing the entire workforce’s personal details by inadvertently publishing a spreadsheet file online. […]
New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts
The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign.
“The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools,” Check Point
“The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools,” Check Point
Are Your SaaS Backups as Secure as Your Production Data?
Conversations about data security tend to diverge into three main threads:
How can we protect the data we store on our on-premises or cloud infrastructure?
What strategies and tools or platforms can reliably backup and restore data?
What would losing all this data cost us, and how quickly could we get it back?
All are valid and necessary conversations for technology organizations of all shapes
Inside Operation Diplomatic Specter: Chinese APT Group’s Stealthy Tactics Exposed
Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022.
“An analysis of this threat actor’s activity reveals long-term espionage operations against at least seven governmental entities,” Palo Alto Networks
“An analysis of this threat actor’s activity reveals long-term espionage operations against at least seven governmental entities,” Palo Alto Networks
Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager
Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances.
Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to
Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to
Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search
A massive Microsoft outage in some regions affects Bing.com, Copilot for web and mobile, Copilot in Windows, ChatGPT internet search and DuckDuckGo. […]