Oct 10, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked… Read More "CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches"
N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware
Oct 09, 2024Ravie LakshmananPhishing Attack / Malware Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster,… Read More "N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware"
Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale
Oct 09, 2024Ravie LakshmananCybercrime / Threat Detection Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, which has been codenamed the Global Signal Exchange… Read More "Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale"
Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries
Oct 09, 2024Ravie LakshmananIndustrial Security / Critical Infrastructure Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. “The vulnerabilities could allow… Read More "Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries"
The Weak Link in Organizational SaaS Security
Oct 09, 2024The Hacker NewsSaaS Security / Identity Security Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite… Read More "The Weak Link in Organizational SaaS Security"
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild
Oct 09, 2024Ravie LakshmananVulnerability / Zero-Day Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated… Read More "Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild"
Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks
Oct 09, 2024Ravie LakshmananEnterprise Security / Identity Theft Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The… Read More "Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks"
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
Oct 08, 2024Ravie LakshmananMalware / Cybercrime Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. “These attacks capitalize on the popularity of Lua… Read More "Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines"
Three Critical Ivanti CSA Vulnerabilities Actively Exploited
Oct 08, 2024Ravie LakshmananZero-Day / Vulnerability Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in… Read More "Three Critical Ivanti CSA Vulnerabilities Actively Exploited"
The Value of AI-Powered Identity
Oct 08, 2024The Hacker NewsMachine Learning / Data Security Introduction Artificial intelligence (AI) deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to benefit organizations of all kinds… Read More "The Value of AI-Powered Identity"