Fintech platform Hatch Bank disclosed a data breach, hackers exploited a recently discovered zero-day in Fortra GoAnywhere MFT secure file-sharing platform. Hatch Bank is a fintech firm that provides services to other fintech companies. The company disclosed a data breach…
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available. Patches for the flaw – which affects a wide variety of…
BidenCash Leaks Database with Over 2 Million Stolen Credit Cards
A database containing over 2 million debit and credit cards was released for free by carding marketplace BidenCash, in celebration of its first anniversary. The threat actors advertised the massive leak on an underground cybercrime forum to attract as much…
Prevention-focused SASE Solution is Here: Check Point leads the way, per new Miercom Report
Which is better—detecting a threat and not knowing how long it’s been in your network, or preventing it from getting in? It’s not a trick question. Threats of all kinds have become increasingly sophisticated and aggressive. As global unrest in…
What is Malware as a Service (MaaS)?
Malware as a Service is the unlawful lease of software and hardware from the Dark Web to carry out cyber attacks. The threat actors who use this service are provided with botnet services and technical support by the MaaS owners.…
Stop Working in Silos: Integrating with APIs
Is your security tool an island? Does it do its singular task with little more to offer than what it says on the package? Too many security offerings behave as singular entities, forcing you to constantly perform task switching to…
City of Oakland Faces Major Data Leak
Information was stolen during recent ransomware attack This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: City of Oakland Faces Major Data Leak
Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs
Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs). The post Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs appeared first on SecurityWeek. This article has been…
UK Government Plans Skills Boost for Public Sector Fraud Fight
Focus will be on enhancing prevention and identification skills This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: UK Government Plans Skills Boost for Public Sector Fraud Fight
Threat landscape for industrial automation systems for H2 2022
In H2 2022, the percentage of ICS computers on which malicious objects were blocked increased by 3.5 percentage points compared to the previous six-month period, reaching 34.3%. This article has been indexed from Securelist Read the original article: Threat landscape…
TPM 2.0 Library Flaws May Affect Billions Of IoT Devices
Two buffer overflow flaws in the Trusted Platform Module (TPM) 2.0 specification could let attackers access or replace sensitive data, like cryptographic keys. TPM is a hardware-based solution that offers tamper-resistant operating systems and secure cryptographic services. It can be…
FTC Proposes $7.8m Fine for BetterHelp
Online counseling service shared health data This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: FTC Proposes $7.8m Fine for BetterHelp
Experts Discover Flaw in U.S. Govt’s Chosen Quantum-Resistant Encryption Algorithm
A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to “side-channel attacks on up to…
Software developers, how secure is your software?
Colour-Blind, a fully featured info stealer and RAT in PyPI
Experts discovered a fully featured information stealer, tracked as ‘Colour-Blind’ in the Python Package Index (PyPI). Researchers from Kroll’s Cyber Threat Intelligence team discovered a malicious Python package uploaded to the Python Package Index (PyPI) that contained a fully-featured information…
How to achieve and shore up cyber resilience in a recession
Today’s business leaders are grappling with two opposing challenges. On the one hand, present day global economic and recessionary pressures mean spending policies need to be reviewed and cash reserves built up. On the other hand, the volume and increasing…
6 cybersecurity and privacy Firefox add-ons you need to know about
In today’s digital age, cybersecurity and privacy have become major concerns for internet users. With the increase in cyber attacks and data breaches, it is vital to protect your online privacy and security. One way to do this is by…
Eye4Fraud – 16,000,591 breached accounts
In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was posted to a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables…
Third party Cybersecurity risks in securing the supply chain
Some of the biggest prevailing challenges in the cybersecurity world over the last year have been those revolving around securing the software supply chain across the enterprise. The software that enterprises build for internal use and external consumption by their…
Stories from the SOC – The case for human response actions
Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers. Executive summary As we move towards more automation,…
Cisco to acquire Valtix
Cisco, the networking giant that also into the business of cloud and Cybersecurity business, has announced that it is soon going to acquire Valtix, a start-up in the business of cloud security. Information is out that the deal might take…
Popular fintech apps expose valuable, exploitable secrets
92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, according to Approov. The Approov Mobile Threat Lab downloaded, decoded and scanned the top 200 financial…
XIoT risk and the vulnerability landscape
Recently, Claroty released its State of XIoT Security Report, which shares analyses of publicly disclosed vulnerabilities affecting operational technology (OT), internet of things (IoT) devices, and most recently, the internet of medical things (IoMT). In this Help Net Security video,…
MQsTTang – Chinese Hackers Using Custom Malware To Evade AV Detection
In a recent analysis, MQsTTang, a newly designed custom backdoor, has been scrutinized by ESET researchers. After a thorough investigation, the source of this malware has been attributed to the infamous Mustang Panda APT group by the experts. Tracing back…
OneTrust Certification Automation helps businesses transcend traditional compliance barriers
OneTrust introduces OneTrust Certification Automation to the OneTrust ecosystem to help organizations navigate the complex and evolving regulatory landscape. OneTrust Certification Automation brings together automation, pre-built policies, and controls for 29 industry frameworks, over 100 integrations, and tailored guidance from…
iD Tech – 415,121 breached accounts
In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to have…
Where are the women in cyber security? On the dark side, study suggests
Also, Royal ransomware metastasizes to other critical sectors, and this week’s critical vulnerabilities In Brief If you can’t join them, then you may as well try to beat them – at least if you’re a talented security engineer looking for…