Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system.
The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage of a feature called My Flow that makes it
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 4,368 cases.
Figure 1: Year over year victims per quarter
The rollercoaster ride from explosive growth in 2021 to a momentary dip in 2022 was just a teaser—2023 roared back with the same fervor as 2021, propelling existing groups and ushering in a wave of formidable
Attackers exploit a recent Windows SmartScreen bypass vulnerability to deploy the Phemedrone information stealer. The post Information Stealer Exploits Windows SmartScreen Bypass appeared first on SecurityWeek. Read More
New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper. Read More
GitLab has resolved a critical authentication vulnerability allowing attackers to hijack password reset emails. The post GitLab Patches Critical Password Reset Vulnerability appeared first on SecurityWeek. Read More
Netscout sees over one million IPs conducting reconnaissance scanning on the web due to increase in use of cheap or free cloud servers. The post Cloud Server Abuse Leads…
From Cyber Security News – Living-off-Trusted-Sites (LOTS) – APT Hackers Abusing GitHub To Deliver Malware Payload
Hackers use GitHub to access and manipulate source code repositories. GitHub hosts open-source projects, and unauthorized access allows hackers to inject malicious code, steal sensitive information, and exploit vulnerabilities…
Zero Trust Security is a strategic approach to cybersecurity that centers on the principle of “never trust, always verify.” This model questions the standard security paradigm that previously assumed…
From Security Week – Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches
Juniper Networks patches over 100 vulnerabilities, including a critical flaw that can be exploited for remote code execution against firewalls and switches. The post Juniper Networks Patches Critical Remote…
Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could allow attackers to execute arbitrary code on affected systems.
Romanian cybersecurity firm Bitdefender, which discovered the flaw in Bosch BCC100 thermostats last August, said the issue could be weaponized by an attacker to
From The Hacker News – Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector.
First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws WordPress plugins to inject backdoor designed to redirect visitors of infected sites to bogus tech
The environmental services industry witnessed an “unprecedented surge” in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic.
This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare said in its DDoS threat report for 2023 Q4 published last week.
“This surge in cyber attacks coincided
This is a current list of where and when I am scheduled to speak: I’m speaking at the International PolCampaigns Expo (IPE24) in Cape Town, South Africa, January 25-26,…
The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show.
The intrusions, which targeted around 22 Danish energy organizations in May 2023, occurred in two distinct waves, one which exploited a security flaw in Zyxel firewall (CVE-2023-28771) and a