Biztonsági szemle

Most serious of the resolved vulnerabilities was the critical OS command injection issue, tracked as CVE-2024-9463, which could be exploited to expose firewalls' usernames, cleartext passwords, API keys, and configurations.

Included in the 6.4 GB SQL database were Internet Archive members' email addresses, usernames, Bcrypt-hashed passwords and password change timestamps, as well as other internal details as recent as September 28, when the attack was believed to have...

While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management...

Malicious GitHub pages and YouTube videos containing links for purported cracked office software, automated trading bots, and game cheats, have been leveraged to facilitate the download of self-extracting password-protected archives.

While threat actors continued to impersonate employers on job search platforms to lure software developers into participating in an online interview that would be followed by BeaverTail malware compromise, more recent attacks entailed the deployment...

Threat actors leveraged social engineering techniques to lure targets into executing a malicious MSI installer-spoofing LNK file that would run an obfuscated script, which ensures persistence and downloads the VSCode command-line interface in the...

The average higher education institution is getting hit once a week now, and as one Oregon State University attack shows, the sector often lacks the resources to keep pace.

All across the Asia-Pacific region, large and diverse marketplaces for AI cybercrime tools have developed, with deepfakes proving most popular.

Global Signal Exchange will act as a global clearing house for online scams and fraud signals.