Information

08 Sep

Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks

Cisco this week raised the alarm on a zero-day in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that has been exploited in Akira ransomware attacks since August. Tracked as CVE-2023-20269 (CVSS score of 5.0, medium severity), the issue exists in the remote access VPN feature of Cisco ASA and FTD and can be exploited remotely, without authentication, in brute force attacks. “This vulnerability is due to improper separation of authentication, authorization, and…

08 Sep

New Phishing Campaign Launched via Google Looker Studio

Information, News

Cybersecurity firm Check Point is warning of a new type of phishing attacks that abuse Google Looker Studio to bypass protections. Google Looker Studio is a legitimate online tool for creating customizable reports, including charts and graphs, that can be easily shared with others. As part of the observed attacks, threat actors are using Google Looker Studio to create fake crypto pages that are then delivered to the intended victims in emails sent from the…

07 Sep

Staying ahead of threats: 5 cybercrime trends to watch

Information

New reports from Europol and the UK’s National Crime Agency (NCA) shed a light on how the battle against cybercrime is being fought

07 Sep

Apple Patches Actively Exploited iOS, macOS Zero-Days

Information, News

Apple on Thursday pushed out an urgent point-update to its flagship iOS and macOS platforms to fix a pair of security defects being exploited in the wild. The vulnerabilities, fixed in the latest iOS 16.6.1 and macOS Ventura 13.5.2 releases, are credited to the Citizen Lab at The University of Torontoʼs Munk School, suggesting exploitation in commercial surveillance spyware products. The Citizen Lab at The University of Torontoʼs Munk School actively tracks PSOAs (private sector…

06 Sep

Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes

Data Breaches, Information, News

Microsoft has published a post-mortem detailing multiple errors that led to Chinese cyberspies hacking into US government emails, blaming the embarrassing incident on a crash dump stolen from a hacked engineer’s corporate account. The crash dump, which dated back to April 2021, contained a Microsoft account (MSA) consumer key that was used to forge tokens to break into OWA and Outlook.com accounts. “Our investigation found that a consumer signing system crash in April of 2021…

05 Sep

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Data Breaches, Information, Insights

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. Taylor Monahan is lead product manager of MetaMask, a…

05 Sep

Getting off the hook: 10 steps to take after clicking on a phishing link

Information

Phishing emails are a weapon of choice for criminals intent on stealing people’s personal data and planting malware on their devices. The healing process does not end with antivirus scanning.

05 Sep

CISA Hires ‘Mudge’ to Work on Security-by-Design Principles

Information, News

The U.S. government’s cybersecurity agency CISA on Monday confirmed the addition of Peiter ‘Mudge’ Zatko to its roster of prominent voices preaching the gospel of security-by-design and secure-by-default development principles. Zatko, most recently the CISO at Twitter who blew the whistle on the social media giant’s security shortcomings, is joining the agency in a part-time capacity to work on the “security and resilience by design” pillar of the Biden administration’s National Cybersecurity Strategy. A statement…

01 Sep

Exploit Code Published for Critical-Severity VMware Security Defect

Information, News

Just days after shipping a major security update to correct vulnerabilities in its Aria Operations for Networks product line, VMWare is warning that exploit code has been published online. In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. The exploit code and root-cause analysis, released by SinSinology…

01 Sep

Fake Signal and Telegram apps – Week in security with Tony Anscombe

Information

ESET research uncovers active campaigns targeting Android users and spreading espionage code through the Google Play store, Samsung Galaxy Store and dedicated websites

Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks

New Phishing Campaign Launched via Google Looker Studio

Staying ahead of threats: 5 cybercrime trends to watch

Apple Patches Actively Exploited iOS, macOS Zero-Days

Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Getting off the hook: 10 steps to take after clicking on a phishing link

CISA Hires ‘Mudge’ to Work on Security-by-Design Principles

Exploit Code Published for Critical-Severity VMware Security Defect

Fake Signal and Telegram apps – Week in security with Tony Anscombe

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources