Judge0 Sandbox Vulnerabilities Expose Systems to Takeover Risk –
Tanto Security uncovered three vulnerabilities which could allow attackers to execute sandbox escapes and gain root permissions on host machines – Read More –
Coffee County has discovered malicious cyber-activity on its IT systems, and it reportedly severed its connection to Georgia’s state voter registration system – Read More –
European non-profit Noyb has filed a complaint to the Austrian data protection authority (DSB) over OpenAI’s ChatGPT providing false personal information – Read More –
IoT manufacturers, retailers and importers must comply with new security legislation, the PSTI act, from today – Read More –
Okta has issued customers with new advice on how to block mounting credential stuffing attacks – Read More –
CISA’s RVWP program sent 1754 ransomware vulnerability notifications to government and critical infrastructure entities in 2023, leading to 852 devices being secured – Read More –
The US Federal Trade Commission will send $5.6m worth of refunds to the spied-on customers of the Amazon-owned home camera company – Read More –
The two founders of Samourai Wallet have been charged with money laundering and unlicensed money-transmitting offenses – Read More –
An advisory from Cisco Talos has highlighted a sophisticated cyber-espionage campaign targeting government networks globally – Read More –
Cyber threat intelligence provider Cyble found that DragonForce was using a ransomware binary based on LockBit Black’s builder – Read More –
A new ISC2 study highlights the lack of diversity in cybersecurity with only 4% of teams having a majority of women, while 11% have none at all – Read More –
Consumer rights group Which? has found more security gaps in UK banking sites and apps – Read More –
Email-borne fraud accounted for more insurance claims than any other category in 2023, says Coalition – Read More –
Jake Humphrey and Professor Damian Hughes, the minds behind the High Performance Podcast, share their top non-negotiable behaviours for success in cybersecurity – Read More –
The bill that could see TikTok banned in the US has been approved by the House of Representatives and the Senate – Read More –
The US Treasury announced sanctions on two companies and four individuals for cyber campaigns conducted on behalf of the Iranian government – Read More –
The proximity of organizations’ headquarters, like Asda’s and NHS England’s, prompted BlueVoyant to choose Leeds as the location for its first UK SOC – Read More –
Netacea research found that 93% of security leaders expect to face daily AI-driven attacks by the end of 2024, with 65% predicting that offensive AI will be the norm for cybercriminals – Read More –
One in five UK organizations have had corporate data exposed via generative AI, says RiverSafe – Read More –
North Korean hackers ran a year-long cyber-espionage campaign against South Korean defense companies – Read More –
The move is reportedly part of a broader effort to counter the misuse of surveillance technology – Read More –
The call comes amid the rollout of end-to-end encryption on Meta’s Messenger platform – Read More –
Millions of Americans may be impacted by the Change Healthcare data breach as UnitedHealth confirms exposed data includes personal and health information – Read More –
Mandiant’s latest M-Trends report found that vulnerability exploitation was the most common initial infection vector in 2023, making up 38% of intrusions – Read More –
Notorious APT44 group Sandworm launched a major campaign against Ukrainian critical infrastructure in March – Read More –
Microsoft has warned of a long-running credential stealing campaign from Russia’s APT28 – Read More –
The scheme was uncovered by Kaspersky and has been operational since November 2023 – Read More –
This occurs when a private package fetches a similar public one, leading to exploitation due to misconfigurations in package managers – Read More –
CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files – Read More –
The new document is the first release from NSA’s Artificial Intelligence Security Center (AISC), in partnership with other government agencies in the US and other Five Eyes countries – Read More –
The UK’s National Cyber Security Centre will see Richard Horne take over as its new boss in the autumn – Read More –
Non-profit MITRE says a sophisticated state group breached its network via two chained Ivanti zero-days – Read More –
This drop represents a direct threat to US national cybersecurity infrastructure, said CyberSN representatives in their report – Read More –
A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds from March 2023 to January 2024 – Read More –
The figures come from Egress’s latest report, which also suggests secure email gateways lag behind tech advancements – Read More –
Mandiant has confirmed that Sandworm is responsible for many cyber-attacks against Ukraine and has close ties with a Russian hacktivist group – Read More –
Zscaler also confirmed MadMxShell uses DLL sideloading and DNS tunneling for C2 communication – Read More –
A US government advisory sets out actions election officials need to take to mitigate the impact of nation-state influence campaigns ahead of the November elections – Read More –
Bridewell report reveals critical infrastructure firms are losing faith in their defensive tooling – Read More –
The Metropolitan Police and partners have disrupted the prolific LabHost phishing-as-a-service platform – Read More –
The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server – Read More –
Proofpoint confirmed Kimsuky has directly contacted foreign policy experts since 2023 through seemingly benign email conversations – Read More –
OpenSSF, in collaboration with the US Government, has developed Protobom, an open source tool designed to simplify SBOM management for organizations – Read More –
This year’s EU elections will be a stress test to see whether the newly adopted Digital Services Act can efficiently mitigate misinformation threats – Read More –
Cifas reveals 14% rise in dishonest employees, driven mainly by financial necessity last year – Read More –
Ivanti has fixed two critical vulnerabilities in its Avalanche MDM product which could lead to remote code execution – Read More –
WithSecure researchers said it is likely Russian state group Sandworm has added a novel backdoor dubbed ‘Kapeka’ to its arsenal – Read More –
According to Pentera, firms are allocating 13% of their total IT security budgets to pentesting – Read More –
Orca Security said the issue mirrors a previously identified vulnerability in Azure CLI – Read More –
An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability Database – Read More –