Main Points: – A new side-channel attack, iLeakage, has been discovered that exploits a weakness in Apple’s A- and M-series CPUs. – This attack can allow sensitive information to be extracted from the Safari web browser on iOS, iPadOS, and macOS devices. – Attackers can cause Safari to render a webpage and then recover sensitive
Read More
Scattered Spider: The Prolific Threat Hiding in Plain Sight Main Points: The threat actor, Scattered Spider, has been seen impersonating new hires within organizations. By disguising as novices, they manage to breach accounts and organizations worldwide. Microsoft has flagged Scattered Spider as a notably dangerous financial criminal organization. Scattered Spider’s Camouflage Tactic Scattered Spider, a
Read More
Untangling the Web: Common Cybersecurity Risks Businesses Overlook Main Points: Cyberattacks are commonly discussed, but other overlooked cybersecurity risks can lead to lawsuits and privacy violations. The importance of these overlooked aspects is emphasized by a new case study. Various sectors, including healthcare, finance, e-commerce and more should be aware of these potential risks. When
Read More
Here’s a summarized version of the article with important bullet points: – The threat actor, Tortoiseshell, previously associated with Iran, has been tied to a new set of watering hole attacks. – The attacks aim to deploy a specific type of malware called IMAPLoader. – IMAPLoader is .NET malware with the capability to fingerprint victim
Read More
Mirth Connect: Users Pleaded to Update After Discovery of Remote Code Execution Vulnerability A remote code execution vulnerability, tracked as CVE-2023-43208, has been discovered in Mirth Connect, an open-source data integration platform. NextGen HealthCare, the company behind Mirth Connect, is urging users to update to the latest version 4.4.1. This highly exploitable vulnerability was addressed
Read More
Security Holes Uncovered in Major Online Services OAuth Implementation Security flaws Security flaws in the OAuth implementation for Grammarly, Vidio, Bukalapak, and more have been revealed. The faults were discovered and patched between February and April 2023 by the relevant companies after responsible disclosure. Potential consequences included malicious parties gaining unauthorized access to affected accounts.
Read More
Winter Vivern Strikes Again: Roundcube Webmail Software Under Attack Main points: – The cyber villain, Winter Vivern, is up to its old tricks, exploiting a newly discovered vulnerability in Roundcube webmail software. – The exploit happened on October 11, 2023, and victims’ email messages were harvested. – ESET security researcher Matthieu Faou spots Winter Vivern’s
Read More
Cloudy with a Chance of Data: Exploring Data Security in the Cloud Today’s digital landscape is characterized by approximately 60% of corporate data residing in the cloud. Amazon S3 serves as the data-storage backbone for many major corporations. Despite the reputation and security offered by Amazon S3, its role in handling vast amounts of sensitive
Read More
VMware Releases Security Update for vCenter Server Issue – VMware has rolled out security patches to address a critical flaw in the vCenter Server. – The flaw, CVE-2023-34048, poses a risk for remote code execution on the affected systems. – It’s an out-of-bounds write vulnerability related to the DCE/RPC protocol. – Malicious actors with network
Read More
Scan and Deliver: ‘GoPIX’ Malware Targets Brazil’s Instant Payment System High usage of Brazil’s instant payment system, PIX, has made it attractive to cybercriminals employing a new malware, GoPIX. Cybersecurity firm Kaspersky has tracked an active campaign since December 2022, characterizing the attacks as originating from malicious ads. Vulnerabilities appear when users search for “WhatsApp
Read MoreNo products in the cart.