Security News > 2024 > April
Okta warns of an "Unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. In an advisory today, Okta says the attacks seem to originate from the same infrastructure used in the brute-force and password-spraying attacks previously reported by Cisco Talos [1, 2]. In all attacks that Okta observed the requests came through the TOR anonymization network and various residential proxies.
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on...
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity...
What motivates the Russian autocrat? Browder argues that "Putin is a little man, who has stolen too much money, who is terrified of losing power. If he loses power he will go to jail, lose his money, and die. So you've this little [man] who is scared of losing his life. So what [does Putin] do?" He creates "a foreign enemy. That is what the Ukrainian invasion is all about."Browder warns that despite heroic efforts: Ukraine can still lose the war if the West backs away from its commitments to the besieged nation. What would come next? Browder argues that Putin cannot back down or not begin an invasion of Europe: Putin's ability to survive, having stolen hundreds of billions from his own people, depends on him being able to portray himself as a war president keeping his nation safe.
The number of Microsoft vulnerabilities has mostly flattened in 2023, with elevation of privilege and identity attacks being particularly common, according to BeyondTrust's annual Microsoft Vulnerabilities report. The total number of Microsoft vulnerabilities has remained mostly steady for the past four years, with a slight dip in 2023 from 1,292 to 1,228 reported vulnerabilities.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Telegram users are currently experiencing issues worldwide, with users unable to use the website and mobile apps. [...]
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan. The developers are asked to perform tasks supposedly related to the interview, like downloading and running code from GitHub, in an effort to make the entire process appear legitimate.
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all...