Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Alleged FruitFly malware creator ruled incompetent to stand trial

Almost seven years after alleged FruitFly author Phillip Durachinsky’s arrest, judge Solomon Oliver has ruled he's incompetent to stand trial.

Malwarebytes
Open in Source
#web#mac#apple#auth#ssh
GitLab warns zero-click vulnerability could lead to account takeovers

GitLab has warned about a critical vulnerability that allows an attacker to change passwords without user interaction.

Case Study: The Cookie Privacy Monster in Big Global Retail

Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn’t anything malicious, but with modern web environments being so complex, mistakes can happen, and non-compliance fines can be just an oversight away.Download the full case study here. As a child,

Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023. The scheme “leveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers’ infrastructure that spoofed Web3 protocols to trick victims into authorizing

Patch management needs a revolution, part 2: The flood of vulnerabilities

This is the second part of Vincent Danen’s “Patch management needs a revolution” series. The first post can be read here.When I started working in the security field over 20 years ago, CVE (Common Vulnerabilities and Exposures) had just been created. In 1999, MITRE, a US-based Federally Funded Research and Development Corporation (FFRDC) was established to advance national security, creating the CVE program as a way of cataloging vulnerabilities so that any single vulnerability could be distinguished from another. It was a few years before it gained wider adoption and longer yet to be co

Anonymous Sudan Claims London Internet Exchange Attack Over Yemen Strikes

By Deeba Ahmed Anonymous Sudan is a pro-Russia hacktivist group, and their emergence aligns with the rise of other pro-Russian cyber actors since the beginning of the Ukraine war. This is a post from HackRead.com Read the original post: Anonymous Sudan Claims London Internet Exchange Attack Over Yemen Strikes

Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer

By Deeba Ahmed Attackers Leveraging Windows Vulnerability in Phemedrone Malware Campaign for Enhanced Stealth. This is a post from HackRead.com Read the original post: Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer

British Cosmetics Retailer Lush Investigating Cyber Attack

By Waqas From Bubbles to Bytes: Lush investigates 'cyber incident' without giving any substantial information to customers. This is a post from HackRead.com Read the original post: British Cosmetics Retailer Lush Investigating Cyber Attack

3 Ransomware Group Newcomers to Watch in 2024

The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 4,368 cases.  Figure 1: Year over year victims per quarter The rollercoaster ride from explosive growth in 2021 to a momentary dip in 2022 was just a teaser—2023 roared back with the same fervor as 2021, propelling existing groups and ushering in a wave of formidable

Korenix JetNet Series Unauthenticated Access

Korenix JetNet Series allows TFTP without authentication and also allows for unauthenticated firmware upgrades.