Exploiting Vulnerabilities in the ‘First Line of Cyber Defense’ Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for attackers. Over the years, these attackers have developed their expertise in exploiting various human Read more…
Microsoft Warns of COLDRIVER’s Evolving Evading and Credential-Stealing Tactics Dec 07, 2023The Hacker NewsThreat Intelligence / Cyber Espionage The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Read more…
Microsoft Mitigates Three Vulnerabilities in Azure HDInsight | MSRC Blog Microsoft recently remediated one Denial of Service and two Escalation of Privilege vulnerabilities affecting third party components of Azure HDInsight. Access to the target cluster as an authenticated user was a prerequisite for exploitation in all three cases. A successful Read more…
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices Dec 07, 2023The Hacker NewsMobile Security / Vulnerability A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as CVE-2023-45866, the issue relates to a Read more…
Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger Dec 07, 2023The Hacker NewsEncryption / Data Privacy Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the “most significant milestone Read more…
New Stealthy ‘Krasue’ Linux Trojan Targeting Telecom Firms in Thailand Dec 07, 2023The Hacker NewsMalware / Security Breach A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to main covert access to victim networks at lease since 2021. Named Read more…
Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers Dec 06, 2023NewsroomVulnerability / Web Server Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. “The vulnerability in ColdFusion (CVE-2023-26360) Read more…
Scaling Security Operations with Automation In an increasingly complex and fast-paced digital landscape, organizations strive to protect themselves from various security threats. However, limited resources often hinder security teams when combatting these threats, making it difficult to keep up with the growing number of security incidents and alerts. Implementing automation Read more…
Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks Dec 06, 2023NewsroomCyber Threat / Vulnerability A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like TinyXML and OpenNDS. Collectively tracked as Sierra:21, the issues expose over 86,000 devices Read more…
Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts Dec 06, 2023NewsroomAccess Management / Cloud Security Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user Read more…