Blog – Page 955 – Cyber Mike

How Hybrid Password Attacks Work and How to Defend Against Them

Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process.
In this post, we’ll explore hybrid attacks — what they are

Recent Veeam Vulnerability Exploited in Ransomware Attacks

Sophos warns of ransomware operators exploiting a critical code execution vulnerability in Veeam Backup & Replication.

The post Recent Veeam Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.

Fidelity Investments Data Breach Impacts 77,000 Customers

Fidelity Investments is informing 77,000 individuals that their personal information was compromised in a data breach.

The post Fidelity Investments Data Breach Impacts 77,000 Customers appeared first on SecurityWeek.

GitLab Patches Pipeline Execution, SSRF, XSS Vulnerabilities

The latest GitLab update resolves eight vulnerabilities, including critical- and high-severity pipeline execution flaws.

The post GitLab Patches Pipeline Execution, SSRF, XSS Vulnerabilities appeared first on SecurityWeek.

OpenAI Says Iranian Hackers Used ChatGPT to Plan ICS Attacks

OpenAI has disrupted 20 cyber and influence operations this year, including the activities of Iranian and Chinese state-sponsored hackers.

The post OpenAI Says Iranian Hackers Used ChatGPT to Plan ICS Attacks appeared first on SecurityWeek.

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks.
It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches.
Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10.

“An issue was discovered in GitLab EE

Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation

The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world’s largest and longest-running dark web market for illegal goods, drugs, and cybercrime services.
The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said.
The marketplace

American Water Bringing Systems Back Online After Cyberattack

American Water is reconnecting and reactivating the systems that were taken offline earlier this week due to a cybersecurity incident.

The post American Water Bringing Systems Back Online After Cyberattack appeared first on SecurityWeek.

Ukraine arrests rogue VPN operator providing access to Runet

Ukraine’s cyber police have arrested a 28-year-old man who operated a massive virtual private network (VPN) service, allowing people from within the country to access the Russian internet (Runet). […]

Cyber News