cybersecurity news

[[{"value":"Guardio Labs has uncovered a significant vulnerability in Microsoft Edge, Microsoft’s flagship web browser, that could allow hackers to install malicious extensions without the user’s knowledge. This flaw, if exploited,…

Advanced adversaries are increasingly focused on enterprise technologies and their vendors, while end-user platforms are having success stifling zero-day exploits with cybersecurity investments, according to Google. Read More  

Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). "The information stealer was delivered via a phishing email, masquerading as an invitation letter

[[{"value":"The persistent search for money and the threat actors increasingly becoming more sophisticated are driving the alarming rate of malware change. Every day, new types of malware are created and…

IT teams can better withstand scrutiny by helping their board understand risks and how they are fixed, as well as explaining their long-term vision for risk management. Read More  

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with

[[{"value":"Mispadu, a banking trojan initially targeting Latin America, has expanded its attacks to Europe, stealing credentials through phishing emails and malicious URLs.  The attackers utilize stolen credentials for further phishing…

A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' systems and carry out malicious actions.  "This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user's knowledge," Guardio

[[{"value":"This week in cybersecurity from the editors at Cybercrime Magazine –Listen to the Cybercrime Magazine Podcast Sausalito, Calif. – Mar. 27, 2024 In Jun. 2021, Lisa Spaniarman’s 81-year-old mother sent…

Pervasive and inexpensive phishing kit encompasses hundreds of templates targeting Kuwait Post, Etisalat, Jordan Post, Saudi Post. Australia Post, Singapore Post, and postal services in South Africa, Nigeria, Morocco, and…