Cross-Site Scripting (XSS) is a sneaky security flaw that lets attackers inject malicious code into seemingly harmless websites. In this article, let’s dive deep into the world of XSS, exploring its different forms, the kind of damage it can cause,…
Category: EN
Medical Software: Advancements and Security Concerns in 2024
In recent years, the landscape of healthcare has experienced digital transformation just like any other industry. And telemedicine is at the forefront of this transformation. As we navigate through a world where convenience meets necessity, software emerges as the unsung…
5 Ways to Strengthen the Weak Link in Cybersecurity
In the current era, proactive cybersecurity steps are essential to upholding a strong cybersecurity stance. A vital investment worth considering is a vulnerability management platform, also known as an exposure management platform, which can enhance preventive cybersecurity measures for businesses…
FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims
The U.S. Federal Bureau of Investigation (FBI) has disclosed that it’s in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. “We are reaching out to…
In Bad Company: JScript RAT and CobaltStrike
Remote Access Trojans (RATs) that are based in JScript are gaining traction. We have looked at a recent example that emerged in mid-May. It turns out that this RAT has some companions on the way that we are familiar with.…
Chinese threat actor exploits old ThinkPHP flaws since October 2023
Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP. The campaign seems to have…
#Infosec2024: Collaboration is Key to an Effective Security Culture
Organizations need a culture that goes beyond reporting incidents, where the business wants to collaborate with the security team This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2024: Collaboration is Key to an Effective Security Culture
300+ Times Downloaded Package from PyPI Contains Wiper Components
ReversingLabs researchers recently uncovered a malicious open-source package named xFileSyncerx on the Python Package Index (PyPI). This package, which had been downloaded nearly 300 times, contained separate malicious “wiper” components. Initially, it raised concerns about being an open-source supply chain…
Easily integrate Secrets Management System with Ansible Automation Platform to update systems passwords
Changing systems passwords is a common task that all systems administrators must do to keep up with all the latest security policies. Now with secrets being managed by the secrets management system, we need a way to integrate with that…
Exploring security by design and loosening guides
The concept of security by design, which includes the concept of security by default, is not new. In fact, secure by design is considered one of the fundamental principles of secure development. In general, we say there is security by…
SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat…
Top Computer Security Risks and How to Stay Safe
Reading Time: 4 min Discover the top Computer security risks in 2024 and learn how to stay protected. Explore threats like phishing, and AI attacks, and find effective safety strategies. The post Top Computer Security Risks and How to Stay…
How to securely transfer files with presigned URLs
Securely sharing large files and providing controlled access to private data are strategic imperatives for modern organizations. In an era of distributed workforces and expanding digital landscapes, enabling efficient collaboration and information exchange is crucial for driving innovation, accelerating decision-making,…
Tenable Acquires Eureka Security To Provide Data Security Across Infrastructure
Tenable® Holdings, Inc., a leading Exposure Management company, has announced a definitive agreement to acquire Eureka Security, Inc., a prominent provider of data security posture management (DSPM) for cloud environments. This strategic acquisition aims to bolster Tenable’s cloud security capabilities,…
Apple to launch app that will have ability to generate and store passwords
Apple Inc is gearing up to introduce its own password management application at the upcoming Worldwide Developer Conference, aiming to tackle user frustrations with passwords. While other tech companies are exploring passwordless technologies like passkeys for more secure login methods,…
Safeguarding the Fortress: Google’s Battle Against Cyber Attacks
In an era where digital dominance reigns supreme, tech giants like Google stand as pillars of innovation and progress. However, with great power comes great vulnerability, as these companies often find themselves at the forefront of cyber warfare. As the…
Microsoft Details On Using KQL To Hunt For MFA Manipulations
It is difficult to secure cloud accounts from threat actors who exploit multi-factor authentication (MFA) settings. Threat actors usually alter compromised users’ MFA attributes by bypassing the requirements, disabling MFA for others, or enrolling rogue devices in the system. They…
Spam blocklist SORBS closed by its owner, Proofpoint
Spammers will probably bid to buy it, so community is trying to find a better home for decades-old service Exclusive The Spam and Open Relay Blocking System (SORBS) – a longstanding source of info on known sources of spam widely…
Google Leak Reveals Concerning Privacy Practices
An internal leak has revealed troubling privacy and security practices at Google, exposing substantial lapses over a span of six years. This revelation highlights the tech giant’s failure to prioritise user data protection, raising concerns about the company’s handling…
Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances
The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain. “The attackers used the cmd.cat/chattr docker image container that retrieves the…