Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Cybersecurity Professionals Push Their Organizations Toward Vendor Consolidation and Product Integration

New global study from ESG and ISSA reveals nearly half of organizations are consolidating or plan on consolidating the number of vendors they do business with

DARKReading
Open in Source
#intel
The DHS Bought a ‘Shocking Amount’ of Phone-Tracking Data

The ACLU released a trove of documents showing how Homeland Security contracted with surveillance companies to scour location information.

'AIG' Threat Group Launches With Unique Business Model

The rapidly growing Atlas Intelligence Group relies on cyber-mercenaries to carry out its missions.

Chaotic LAPSUS$ Group Goes Quiet, but Threat Likely Persists

The LAPSUS$ group emerged with a big splash at the end of 2021, targeting companies, including Okta, with a "reckless and disruptive" approach to hacking.

Conti’s Reign of Chaos: Costa Rica in the Crosshairs

Aamir Lakhani, with FortiGuard Labs, answers the question; Why is the Conti ransomware gang targeting people and businesses in Costa Rica?

Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. "Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of

Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads

The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several Western diplomatic missions between May and June 2022," Palo Alto Networks Unit 42 said in a Tuesday

CVE-2022-21586: Oracle Critical Patch Update Advisory - July 2022

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

Instagram Slow to Tackle Bots Targeting Iranian Women’s Groups

Despite alerting Meta months ago, feminist groups say tens of thousands of fake accounts continue to bombard them on the platform.