Biztonsági szemle
2024. Nov. 13.
Biztonsági szemle
Highly targeted GootLoader malware campaign discovered
Threat actors leveraged search results for the query 'Are Bengal Cats legal in Australia?' which when clicked enabled the download of a malicious ZIP archive installing the GootKit information-stealing payload and remote access trojan, according to a...
2024. Nov. 13.
Biztonsági szemle
Joint RustyStealer, Ymir ransomware attacks emerge
Numerous systems have been initially targeted with the RustyStealer credential-harvesting tool to facilitate high-privilege account compromise and lateral movement prior to the execution of SystemBC malware-related scripts and exfiltration of data...
2024. Nov. 13.
Biztonsági szemle
November Patch Tuesday brings cornucopia of 89 fixes to Windows
Microsoft has delivered a bounty of patches this November in its latest edition of Patch Tuesday.
2024. Nov. 12.
Biztonsági szemle
2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could...
2024. Nov. 12.
Biztonsági szemle
Amazon Employee Data Compromised in MOVEit Breach
The data leak was not actually due to a breach in Amazon's systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.
2024. Nov. 12.
Biztonsági szemle
Millions of records from MOVEit hack released on dark web
Reportedly 2.8 million Amazon records alone were exposed.
2024. Nov. 12.
Biztonsági szemle
New Essay Competition Explores AI's Role in Cybersecurity
The essays are to focus on the impact that artificial intelligence will have on European policy.
2024. Nov. 12.
Biztonsági szemle
CrowdStrike Spends to Boost Identity Threat Detection
Adaptive Shield is the third security posture management provider the company has acquired in the last 14 months as identity-based attacks continue to rise.
2024. Nov. 12.
Biztonsági szemle
'GoIssue' Cybercrime Tool Targets GitHub Developers En Masse
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches.
2024. Nov. 12.
Biztonsági szemle
Citrix Issues Patches for Zero-Day Recording Manager Bugs
There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE."
2024. Nov. 12.
Biztonsági szemle
Citrix 'Recording Manager' Zero-Day Bug Allows Unauthenticated RCE
The security vulnerability is due to an exposed Microsoft Message Queuing (MSMQ) instance and the use of the insecure BinaryFormatter.
2024. Nov. 12.
Biztonsági szemle
The Power of the Purse: How to Ensure Security by Design
CISA should make its recommended goals mandatory and perform audits to ensure compliance.