General Security News
-
Over 6000 Internet-Exposed Cacti Servers are Unpatched for Critical Security Vulnerability
A significant number of servers that use the Cacti software, and are connected to the internet, have not been updated to fix a security...
-
CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out...
-
Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Unauthorized Access
Four different Microsoft Azure services have been found vulnerable to server-side request forgery (SSRF) attacks that could be exploited to gain...
-
Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware
New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim...
-
Hackers Compromised CircleCI Employee’s Laptop to Breach the Company’s Systems
CircleCI, a DevOps platform, discovered that malware installed on a CircleCI engineer’s laptop was used by an unauthorized third party to steal a...
-
Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems
A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop...
-
Raccoon and Vidar Stealers Spreading via Massive Network of Fake Cracked Software
A "large and resilient infrastructure" comprising over 250 domains is being used to distribute information-stealing malware such as Raccoon and...
-
A Secure User Authentication Method – Planning is More Important than Ever
When considering authentication providers, many organizations consider the ease of configuration, ubiquity of usage, and technical stability....
-
Norton Password Manager Breached – Hackers Accessed Username and Password
Customers were notified by NortonLifeLock – Gen Digital that accounts for Norton Password Manager had been successfully breached. They made it...
-
FortiOS SSL-VPN Zero-day Flaw Exploited to Attack Government Organizations
There have been a number of attacks against government organizations and government-related targets using FortiOS SSL-VPN zero-day vulnerabilities...
-
Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident
DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their...
-
Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability
A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under...