A detailed analysis from Maverits, a leading cybersecurity firm, reveals a significant evolution in the strategies and objectives of APT28, a cyber-espionage group linked to Russia’s GRU military intelligence unit. Covering activities from 2022 to 2024, the report highlights APT28’s…
Tag: EN
Hackers Exploit OAuth 2.0 Code Flow Using AiTM Attack on Microsoft Azure AD
Security enthusiasts and professionals are turning their focus towards a new angle on phishing attacks in the identity and access management space. During the “Offensive Entra ID (Azure AD) and Hybrid AD Security” training, a clever demonstration showcased how a…
New Apple SLAP & FLOP Side-Channel Attacks Let Attackers Steal Login Details From Browser
Researchers from the Georgia Institute of Technology and Ruhr University Bochum have uncovered two novel speculative execution attacks, named SLAP (Speculative Data Attacks via Load Address Prediction) and FLOP (Breaking the Apple M3 CPU via False Load Output Predictions). These…
MGM Resorts settles lawsuits after millions of customer records stolen in data breaches
A court filing says 37 million MGM customers had personal data stolen in the cyberattacks. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the original article: MGM…
Hackers Allegedly Selling Fortinet Vulnerability Exploit on Dark Web Forums
A significant cybersecurity threat has emerged as hackers on a prominent Russian dark web forum claim to be selling an active exploit targeting Fortinet devices. The exploit reportedly leverages a critical vulnerability, CVE-2024-55591, which affects FortiOS versions 7.0.0 through 7.0.16. …
Apple Chips Vulnerability Exposes Credit Cards & Location History to Hackers
Researchers have uncovered two critical vulnerabilities in Apple’s custom silicon chips, dubbed SLAP (Speculative Load Address Prediction) and FLOP (False Load Output Predictions). These flaws, found in Apple’s A- and M-series processors, expose sensitive user data such as credit card…
State-sponsored Actors Abusing Gemini to Fuel Cyber Attacks
The state-sponsored threat actors are increasingly exploiting Google’s AI-powered assistant, Gemini, to enhance their cyber operations. While generative AI tools like Gemini hold immense potential for innovation and productivity, their misuse by advanced persistent threat (APT) groups and information operations…
Windows 11 24H2 Update Breaks Web camera, Audio, & USB
The most recent update for Windows 11 24H2, identified as KB5050009, has caused various kinds of technical issues for users, affecting critical functionalities like audio, Bluetooth, USB devices, and webcams. Released earlier this month, the update was intended to enhance…
Our Digital Footprints are Breadcrumbs for Mapping our Personal Behavior
The Government Accountability Office states that customers are usually unaware of the potential privacy risks and biases that arise from use of personal information. The post Our Digital Footprints are Breadcrumbs for Mapping our Personal Behavior appeared first on Security…
Cybercriminals Use Google Ads and URL Cloaking to Spread Malware
Cybercriminals are increasingly using Google ads and sophisticated cloaking techniques to push malware onto unsuspecting users. The latest example involves a fake Homebrew website that tricked users into downloading an infostealer designed to steal sensitive data, including login credentials…
New Zyxel Zero-Day Under Attack, No Patch Available
GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available. The post New Zyxel Zero-Day Under Attack, No Patch Available appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)
CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, cybersecurity company Greynoise has warned. Successful exploitation would allow attackers to execute arbitrary commands on…
AI Surge Drives Record 1205% Increase in API Vulnerabilities
AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Surge Drives Record 1205% Increase in API Vulnerabilities
Mishing Cyber Attack from malicious PDF
In recent years, we’ve witnessed the rise of phishing attacks, where cybercriminals trick victims into clicking on malicious web links to harvest sensitive personal information. Building upon this tactic, a new form of attack has emerged known as “Mishing” —…
Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
And now you won’t stop calling me, I’m kinda busy A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled botnet, according to Akamai’s Security Intelligence and Response Team.… This…
Ongoing report: Babuk2 (Babuk-Bjorka)
Editor’s note: We will continue to provide updates as further information is forthcoming. On January 27th, 2025, GuidePoint’s Research and […] The post Ongoing report: Babuk2 (Babuk-Bjorka) appeared first on Security Boulevard. This article has been indexed from Security Boulevard…
Flare Academy is Here!
We’re excited to share that we now offer Flare Academy, an educational hub with free interactive online training for cybersecurity professionals. What is Flare Academy? Flare Academy offers online training modules led by subject matter experts on the latest cybersecurity…
Nation-State Hackers Abuse Gemini AI Tool
Google highlighted significant abuse of its Gemini LLM tool by nation state actors to support malicious activities, including research and malware development This article has been indexed from www.infosecurity-magazine.com Read the original article: Nation-State Hackers Abuse Gemini AI Tool
Oligo Raises $50M to Tackle Application Detection and Response
Oligo Security has raised $50 million in Series B funding for its application detection and response (ADR) platform. The post Oligo Raises $50M to Tackle Application Detection and Response appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Clutch grabs $20M to build out its non-human security ID platform
When it comes to the world of cybersecurity, identity is often thought of as a “perimeter” around an organization. So many breaches begin through techniques like password theft, phishing, and credential stuffing; ergo, securing the identities of not only users,…