Category: hacking attacks

Fortinet Patches Critical FortiGate Firewall Flaw for Remote Code Execution

Fortinet patches critical security flaw in FortiGate firewalls. The Vulnerability: Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution. The vulnerability is tracked as CVE-2023-27997 and is “reachable pre-authentication, on every SSL VPN appliance.”

Apple Unveils Significant Enhancements to Safari Private Browsing for Enhanced User Protection

to require authentication with Touch ID or Face ID before reactivating it. This reduces the likelihood that someone else could access the user’s browsing history.”
• Safari Private Browsing is getting major updates to protect users better against third-party trackers.
• Advanced tracking and fingerprinting protections are being introduced to prevent websites from tracking or

SPECTRALVIPER Malware Threatens Vietnamese Public Companies: Elastic Security Labs Report

Vietnamese public companies have fallen victim to a new malware threat that exploits a backdoor named SPECTRALVIPER. This backdoor is a heavily masked, x64 variant that enables PE loading and injection, file uploads and downloads, file and directory manipulations, and token impersonation abilities. Elastic Security Labs issued a recent report on this malware threat. This

“MOVEit Transfer Software Vulnerable to SQL Injection Attacks – Upgrade Now”

control of the application and access sensitive data. The first vulnerability, CVE-2020-27223, has a CVSS score of 9.1 and exists due to insufficient input validation in the ‘FileID’ parameter. Attackers can exploit this vulnerability by manipulating the parameter to insert malicious SQL queries, resulting in the application executing unauthorized SQL commands. The second vulnerability, CVE-2020-27224,

Microsoft Warns of Multi-Stage AitM Phishing and BEC Attack Targeting Banking and Financial Services

Microsoft Reports Multi-Stage AitM Phishing and BEC Attack. Banking and Financial Services Targeted: According to Microsoft, a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack is currently targeting banking and financial services organizations. The tech giant disclosed that this attack originated from a compromised trusted vendor and transitioned into a

Asylum Ambuscade: The Dual Threat of Cybercrime and Espionage

Asylum Ambuscade: A Dual Threat. Introduction: Asylum Ambuscade is a threat actor that has been on the radar of cybersecurity experts for some time now. According to an analysis by ESET, Asylum Ambuscade is a crimeware group that targets bank customers and cryptocurrency traders in North America and Europe. While its primary objective is financial

Digital Ecosystems and Mental Health: Finding Balance in the Hyper-Connected World

many people, that cost has been their mental health. Here are the main points of the article:
– Digital ecosystems have transformed the way we work, leading to increased productivity and reliance on digital tools
– However, this shift has also led to mental health challenges, such as burnout, anxiety, and stress
– Strategies to

CISA and FBI Warn of Cl0p Ransomware Gang Exploiting Critical Flaw in MOVEit Transfer Application

CISA and FBI Warn of Ransomware Attacks. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued a warning about the active exploitation of a critical flaw in Progress Software’s MOVEit Transfer application. The flaw is being used by the Cl0p ransomware gang, aka TA505, to drop ransomware.

“7 Best Practices to Protect Your APIs: A Complete Guide”

prevent such attacks. Protecting APIs: Best Practices. 1. Secure API endpoints: API endpoints are the entry and exit points of any data exchange within an application or system. Therefore, securing these endpoints is the first step towards securing an API. Ensure that APIs are accessed only through secure channels (like HTTPS), and implement proper authentication

Microsoft Releases Security Patch for Windows Print Spooler Vulnerability – Update Your System Now!

elevated privileges on the affected system, which could enable them to run malicious code, view, change, or delete data, or create new accounts with full user rights,” warns Microsoft in a security advisory. The flaw was discovered by researchers at Kaspersky Lab, who notified Microsoft about the issue. While Microsoft has not yet witnessed any
