General Security News
-
New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and...
-
8 XSS Vulnerabilities in Azure HDInsight Allow Attackers to Deliver Malicious Payloads
Azure HDInsight has been identified with multiple Cross-Site Scripting – XSS vulnerabilities related to Stored XSS and Reflected XSS. The severity...
-
Windows11 Themes vulnerability Let Attackers Execute Arbitrary Code
An Arbitrary code execution vulnerability has been found in Windows 11. This vulnerability is a result of several factors, such as a Time-of-Check...
-
Memory Corruption Flaw in ncurses API Library Exposes Linux and macOS Systems
Multiple memory corruption vulnerabilities have been discovered in the ncurses library, which various programs use on multiple operating systems...
-
Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients
Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and...
-
Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
The financially motivated threat actor known as UNC3944 is pivoting to ransomware deployment as part of an expansion to its monetization...
-
North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist
The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its...
-
Trellix DLP Vulnerability Allows Attackers To Delete Unprivileged Files
A privilege escalation vulnerability has been identified in the Trellix Windows DLP endpoint for Windows, which may be exploited to delete any...
-
Next-Gen Email Firewalls: Beyond Spam Filters to Secure Inboxes Checklist
Email communication is still widely used as an attack vector despite the ever-changing nature of cyber threats. The vast number of people who use...
-
Microsoft Teams as a Tool for Storm-0324 Threat Group to Hack Corporate Networks
According to recent reports, a threat actor known as Storm-0324 has been using email-based initial infection vectors to attack organizations....
-
Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors
Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023,...
-
Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems
A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat...