Biztonsági szemle

Malicious actors could leverage the vulnerability, which stems from improper user check error management in the two-factor REST API action, to facilitate high-privileged account breaches that could then be used for additional attacks, according to...

While WhatsApp proceeded to disable the "Eden" exploit leveraged by NSO Group, the Israeli firm proceeded to create the "Erised" vector to target the app's users until May 2020, noted a court filing from Meta, which also noted that NSO Group, and not...

Malicious emails spoofing Israel's National Cyber Directorate have been leveraged by Cotton Sandstorm to lure targeted entities into downloading a Google Chrome security update, which facilitates the delivery of WezRAT that enables file downloading...

Attackers delivered phishing emails with a ZIP file attachment with an executable Rust-based loader, which prompts Windows batch scripts that not only open lure documents but also facilitate the deactivation of antivirus software prior to the...

Organizations can benefit from designing storage area networks (SANs) that are not only secure, but also with less impact on the planet.

DeepData, which has a layout identical to LightSpy and features a dozen infostealing-focused plugins, enables not only the exfiltration of data from browsers, password managers, and social networking apps, but also the recording of audio from its...

Infiltration of AnnieMac's systems between Aug. 21 and 23 resulted in the potential copying of individuals' names and Social Security numbers, said the New Jersey-based mortgage lender in breach notification letters, which noted the lack of evidence...

The voluntary recommendations from the Department of Homeland Security cover how artificial intelligence should be used in the power grid, water system, air travel network, healthcare, and other pieces of critical infrastructure.

One of the most effective strategies for protecting your digital assets is microsegmentation. The success lies in how it's implemented and the planning.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability CVE-2024-0012 Palo Alto Networks PAN-OS...

Last week, Watchtowr Labs released details describing a new and so far unpatched vulnerability in Citrix's remote access solution [1]. Specifically, the vulnerability affects the "Virtual Apps and Desktops." This solution allows "secure"...