Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.

DARKReading
Open in Source
#xss#vulnerability#web#ios#google#microsoft#cisco#git#java#oauth#auth
7 Sessions Not to Miss at Black Hat USA 2024

This year's conference will be a treasure trove of insights for cybersecurity professionals.

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various legitimate companies. "These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, thus bypassing major security protections — all to deceive

A week in security (July 22 – July 28)

A list of topics we covered in the week of July 22 to July 28 of 2024

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website ("chrome-web[.]com") serving malicious installer packages masquerading as Google's Chrome browser, indicating that users searching for the software on the

Stop X’s Grok AI From Training on Your Tweets

Plus: More Pegasus spyware controversy, a major BIOS controversy, and more of the week’s top security news.

CrowdStrike Outage Losses Estimated at a Staggering $5.4B

Researchers track the healthcare sector as experiencing the biggest financial losses, with banking and transportation following close behind.

Companies Struggle to Recover From CrowdStrike's Crippling Falcon Update

The cybersecurity firm says that 97% of sensors are back online, but some organizations continue to recover, with costs tallied at $5.4 billion for the Fortune 500 alone.

U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals

The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world. "Rim Jong Hyok and his co-conspirators deployed

CrowdStrike Warns of New Phishing Scam Targeting German Customers

CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike Crash Reporter