Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “half-day” and “0.75-day” vulnerabilities “Half-day”…
Category: EN
Tidal Cyber raises $5 million to accelerate the growth of its platform
Tidal Cyber raised $5 million, led by Squadra Ventures with participation from existing investors, in seed funding to accelerate the growth of its platform that enables security operations teams to proactively focus on critical threats, and take action to improve…
Secure messaging app Signal moves a step closer to launching usernames
End-to-end encrypted messaging app, Signal, is getting closer to launching a much anticipated feature that will allow users to share only a username in order to connect with other users, rather than having to reveal the phone number linked to…
MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel
Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called MuddyC2Go as part of attacks targeting Israel. “The framework’s web component is written in the Go programming language,” Deep Instinct security researcher Simon Kenin said in a technical report published Wednesday.…
When Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding Rules
While intended for convenience and efficient communication, email auto-forwarding rules can inadvertently lead to the unauthorized dissemination of sensitive information to external entities, putting confidential data at risk of exposure to unauthorized parties. Wing Security (Wing), a SaaS security company, announced…
The largest Russian bank Sberbank hit by a massive DDoS attack
The largest and oldest bank in Russia Sberbank faced the record-breaking DDoS attack that reached 1 million RPS. Sberbank , the Russian banking and financial services giant, announced that it was recently hit by a record-breaking distributed denial of service…
Dallas County Departments Hit by the Play Gang
On Monday, an official confirmed that Dallas County experienced a cybersecurity incident earlier this month, which impacted segments of its network. Dallas County Judge Clay Lewis Jenkins stated in a release to Recorded Future News that an active investigation…
Group-IB Uncovered Farnetwork’s Ransomware-as-a-Service Business Model
In recent findings, cybersecurity experts have uncovered a significant player in the world of cyber threats, known as “farnetwork”. This individual has been tied to five separate cyber attack programs within the last four years, showcasing a high level…
Orange Business partners with VMware to improve employee productivity
Orange Business and VMware are strengthening their partnership to deliver Flexible SD-WAN with VMware as the first fully embedded SD-WAN offering in Evolution Platform. The Orange Business Evolution Platform combines a secured digital infrastructure with an agile, cloud approach to…
OpenAI blames DDoS attack for ongoing ChatGPT outage
OpenAI has confirmed that a DDoS (distributed denial-of-service) attack is behind “periodic outages” affecting ChatGPT and its developer tools. ChatGPT, OpenAI’s AI-powered chatbot, has been experiencing sporadic outages for the past 24 hours. Users who attempted to access the service…
SysAid Zero-Day Vulnerability Exploited by Ransomware Group
CVE-2023-47246 zero-day vulnerability in SysAid IT service management software has been exploited by Cl0p ransomware affiliates. The post SysAid Zero-Day Vulnerability Exploited by Ransomware Group appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…
CISA Says SLP Vulnerability Allowing Amplified DoS Attacks Exploited in the Wild
CISA says an SLP vulnerability allowing for a DoS amplification factor of 2,000 is being exploited in attacks. The post CISA Says SLP Vulnerability Allowing Amplified DoS Attacks Exploited in the Wild appeared first on SecurityWeek. This article has been…
OpenAI Reveals ChatGPT Is Being DDoS-ed
Periodic outages began on November 8 This article has been indexed from www.infosecurity-magazine.com Read the original article: OpenAI Reveals ChatGPT Is Being DDoS-ed
Russian Hackers Used Novel OT Attack to Disrupt Ukrainian Power Amid Mass Missile Strikes
Mandiant says Russia’s Sandworm hackers used a novel OT attack to cause power outages that coincided with mass missile strikes on critical infrastructure across Ukraine. The post Russian Hackers Used Novel OT Attack to Disrupt Ukrainian Power Amid Mass Missile…
Multiple Node.js Vulnerabilities Fixed in Ubuntu
Ubuntu 22.04 LTS has received security updates addressing several Node.js vulnerabilities that could be exploited to cause a denial of service or arbitrary code execution. It is crucial to keep your Node.js packages up to date to avoid falling victim…
Evaluating the Impact of Linux Kernel Patches on System Performance
Kernel patches are changes in code that are applied to the Linux kernel to address bugs and security issues as well as improve hardware support. They are essential to maintaining the security and updates of the operating system. However, applying…
BIG-IP Vulnerability Alert: Remote Code Execution Risk
In recent news, F5 has issued a critical security alert regarding a significant BIG-IP vulnerability that poses a severe risk to their BIG-IP systems. This vulnerability, rated at 9.8 out of 10 on the Common Vulnerabilities Scoring System (CVSS), allows…
Unpacking the Latest Okta Breach, What All You Need to Know
Okta stated on Friday that the recent breach at the digital identity management services provider, which resulted in the targeting of some of its customers, likely occurred when an employee logged into a personal Google account using a company…
UK Shoppers Lost Nearly £11m to Fraud Last Festive Season
NCSC warns of AI-generated scams in run-up to Christmas This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Shoppers Lost Nearly £11m to Fraud Last Festive Season
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies. This article has been indexed from…