The hack at Change Healthcare stands as the biggest breach of U.S. medical data in history, exposing 190 million people’s data. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News |…
New Phishing Attack Using zero-width Characters to Bypass Security Filters
Cybercriminals are employing sophisticated strategies to bypass email security filters, crafting phishing emails that evade detection by using HTML entities and zero-width characters. This new wave of attacks, dubbed “Shy Z-WASP,” combines zero-width joiners and soft hyphen entities to obfuscate…
Xerox Workplace Suite Vulnerability Let Attackers Bypass API Security
Xerox has released a critical security bulletin addressing multiple vulnerabilities in its Xerox Workplace Suite, a widely used print management server solution. These vulnerabilities, identified as CVE-2024-55925 through CVE-2024-55931, could allow attackers to bypass API security, manipulate headers, and exploit…
New Attack Abusing Multicast Poisoning for PreAuthenticated Kerberos Relay
A novel attack method leverages multicast poisoning to execute pre-authenticated Kerberos relay attacks over HTTP. This technique, detailed by Quentin Roland of Synacktiv, combines legacy weaknesses in local name resolution protocols with advanced authentication relaying tools like Responder and krbrelayx.…
Cyber Insights 2025: Cybersecurity Regulatory Mayhem
Cybersecurity regulations are facing a tipping point. There are too many and they are too complex to manage – and it’s getting worse. The post Cyber Insights 2025: Cybersecurity Regulatory Mayhem appeared first on SecurityWeek. This article has been indexed…
Vulnerability Summary for the Week of January 13, 2025
High Vulnerabilities (columns: Primary Vendor — Product, Description, Published, CVSS Score, Source Info). 1000 Projects — Campaign Management System Platform for Women: A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by…
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]
Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent…
GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user’s Git credentials. “Git implements a protocol called Git Credential Protocol…
Royal Mail SMS Phishing Scam Targets Victims with Fake Delivery Fee Requests
Beware of a convincing Royal Mail SMS phishing scam asking for personal details and payment for re-delivery. Learn… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: Royal Mail SMS…
Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST
Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool. The post Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST appeared first on SecurityWeek. This article has been…
5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)
5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The warning came last week from Bishop Fox researchers, after they successfully exploited the vulnerability…
Multiple Git flaws led to credentials compromise
Vulnerabilities in the Git credential retrieval protocol could have allowed threat actors to access user credentials. Security researcher RyotaK from GMO Flatt Security Inc discovered multiple vulnerabilities in the Git credential retrieval protocol that could have allowed threat actors to…
Burp Suite 2025.1 With New Intruder Options & Bug Fixes
PortSwigger has released Burp Suite 2025.1, introducing several new features and improvements aimed at enhancing the tool’s usability and efficiency for penetration testers. This update includes significant advancements in the Burp Intruder module, HTTP response analysis, and interaction management, alongside…
New Malware Campaign Using 7z & UltraVNC Tool To Deploy Malware
A sophisticated malware campaign has been uncovered, leveraging 7-Zip self-extracting archives and the UltraVNC remote access tool to target Russian-speaking entities. The operation, attributed to a threat actor dubbed GamaCopy, mimics tactics previously associated with the Kremlin-aligned Gamaredon group. The…
Three Big Reasons Ransomware Payments Are Up More Than 5X Over Last Year
If the mission of cybersecurity is to protect the organization from losses to cybercriminals, we are in deep trouble. Over the past year there has been a dramatic increase in… The post Three Big Reasons Ransomware Payments Are Up More…
The Role of Identity Verification in Financial Institutions
As financial transactions move online, ensuring secure customer verification while maintaining a seamless experience has become an operational… The post The Role of Identity Verification in Financial Institutions appeared first on Hackers Online Club. This article has been indexed from…
UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach
UnitedHealth now estimates that 190 million people were affected by the massive Change Healthcare data breach nearly a year ago. This article has been indexed from Malwarebytes Read the original article: UnitedHealth almost doubles victim numbers from massive Change Healthcare…
Building Automation Protocols Increasingly Targeted in OT Attacks: Report
Industrial automation protocols continue to be the most targeted in OT attacks, but building automation systems have been increasingly targeted. The post Building Automation Protocols Increasingly Targeted in OT Attacks: Report appeared first on SecurityWeek. This article has been indexed…