US doughnut chain Krispy Kreme suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. […]
Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
Cybersecurity researchers have flagged a “critical” security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim’s account.
“The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the
“The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the
Now on Demand: Inside a Hacker’s Playbook – How Cybercriminals Use Deepfakes
This eye-opening session that pulls back the curtain on how bad actors exploit social engineering tactics, like deepfake technology and Business Email Compromise (BEC).
The post Now on Demand: Inside a Hacker’s Playbook – How Cybercriminals Use Deepfakes appeared first on SecurityWeek.
ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms
Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago.
“Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell
“Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell
Atlassian, Splunk Patch High-Severity Vulnerabilities
Atlassian and Splunk on Tuesday announced patches for over two dozen vulnerabilities, including high-severity flaws.
The post Atlassian, Splunk Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Cleo Vulnerability Exploitation Linked to Termite Ransomware Group
Exploitation of a vulnerability affecting Cleo file transfer tools has been linked to the new Termite ransomware group.
The post Cleo Vulnerability Exploitation Linked to Termite Ransomware Group appeared first on SecurityWeek.
Google’s Willow Chip Signals the Urgency of Post-Quantum Cryptography Migration
Google’s Willow quantum chip marks a transformative moment in quantum computing development.
The post Google’s Willow Chip Signals the Urgency of Post-Quantum Cryptography Migration appeared first on SecurityWeek.
446,000 Impacted by Center for Vein Restoration Data Breach
Center for Vein Restoration discloses data breach impacting the personal, medical, and financial information of 446,000 individuals.
The post 446,000 Impacted by Center for Vein Restoration Data Breach appeared first on SecurityWeek.
ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others
December 2024 ICS Patch Tuesday brings advisories from CISA, as well as several major industrial automation companies.
The post ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others appeared first on SecurityWeek.
Ivanti Patches Critical Flaws in Connect Secure, Cloud Services Application
Ivanti has released patches for critical vulnerabilities in Cloud Services Application, Connect Secure, and Policy Secure.
The post Ivanti Patches Critical Flaws in Connect Secure, Cloud Services Application appeared first on SecurityWeek.