General Security News
-
Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users
Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to...
-
CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its Known Exploited...
-
Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the...
-
ETHERLED – A New Attack Method to Exfiltrate Data from Air-Gapped Devices using LED Indicators
A researcher from Israel, Mordechai Guri, has concluded that he has discovered the possibility of exfiltrating data from air-gapped systems...
-
VMware Flaw Let Attackers Escalate Privilege in VMware Tools Suite
Cloud computing company, VMware addresses local privilege escalation vulnerability in the VMware Tools suite of utilities that impacts both...
-
Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework
Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework in their intrusion campaigns as...
-
Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136...
-
U.S. Government Spending Billions on Cybersecurity
In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills...
-
Google Uncovered Tool used by Iranian APT Hackers to Steal Email Data
There has been an addition to the Iranian APR group Charming Kitten’s malware arsenal recently with the addition of a new malicious tool. This...
-
How Can WAF Prevent OWASP Top 10?
The OWASP Top 10 security risks point out the common vulnerabilities seen in web applications. But it does not list the set of attack vectors...
-
PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks
The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and...
-
Crypto Miners Using Tox P2P Messenger as Command and Control Server
Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier...