Monthly Archives: January 2023

Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk

Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if...

12
Jan
Patch where it Hurts: Effective Vulnerability Management in 2023

A recently published Security Navigator report data shows that businesses are still taking 215 days to patch...

12
Jan
Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System

Twitter on Wednesday said that its investigation found “no evidence” that users’ data sold online...

12
Jan
Alert: Hackers Actively Exploiting Critical “Control Web Panel” RCE Vulnerability

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web...

12
Jan
Digital Identity Guidelines – Kicking Off Revision 4!
January 12, 2023

The Draft Fourth Revision to NIST Special Publication 800-63, Digital Identity Guidelines (Draft NIST SP...

New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors

A new analysis of Raspberry Robin’s attack infrastructure has revealed that it’s possible for other threat actors...

11
Jan
Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks

A wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging...

11
Jan
Unlock Your Potential: Get 9 Online Cyber Security Courses for Just $49.99

Are you looking to take your career in the information security industry to the next...

11
Jan
Dark Pink APT Group Targets Governments and Military in APAC Region

Government and military organizations in the Asia Pacific region are being targeted by a previously...

11
Jan
Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98...

11
Jan
Cybercriminals are using ChatGPT to create malware
January 10, 2023

How malicious parties are using AI chatbots to help power cyber crime...

StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users

The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version...

10
Jan
Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema...

10
Jan
Italian Users Warned of Malware Attack Targeting Sensitive Information

A new malware campaign has been observed targeting Italy with phishing emails designed to deploy...

10
Jan
NIST Releases Two Draft Guidelines on Personal Identity Verification (PIV) Credentials
January 10, 2023

NIST is announcing the initial public drafts of NIST SP 800-157r1 (Revision 1), Guidelines for...

NIST Releases Two Draft Guidelines on Personal Identity Verification (PIV) Credentials
January 10, 2023

NIST is announcing the initial public drafts of NIST SP 800-157r1 (Revision 1), Guidelines for...

Critical Security Flaw Found in “jsonwebtoken” Library Used by 22,000+ Projects

A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that,...

10
Jan
Using MSPs to administer your cloud services
January 10, 2023

Andrew A explains what you must check before giving Managed Service Providers (MSPs) the keys...

Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers...

09
Jan
New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks

A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious...

09
Jan
Why Do User Permissions Matter for SaaS Security?

Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over...

09
Jan
Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock,...

09
Jan
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have...

09
Jan
Top SaaS Cybersecurity Threats in 2023: Are You Ready?

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems...

09
Jan
Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions

A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to...

09
Jan
Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used...

08
Jan
Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass...

06
Jan
Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest –...

06
Jan
Dridex Malware Now Attacking macOS Systems with Novel Infection Method

A variant of the infamous Dridex banking malware has set its sights on Apple’s macOS...

06
Jan
NIST Requests Public Comments on SP 800-132, Recommendation for Password-Based Key Derivation: Part 1: Storage Applications
January 6, 2023

NIST is in the process of a periodic review and maintenance of its cryptography standards...