Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
2024-08-21 17:22

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. [...]

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
2024-08-21 16:15

Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. "An authenticated attacker can bypass Server-Side Request Forgery protection in Microsoft Copilot Studio to leak sensitive information over a network," Microsoft said in an advisory released on August 6, 2024.

Phrack hacker zine publishes new edition after three years
2024-08-21 15:45

Phrack #71 has been released online and is available to read for free. This issue is the first to be released since 2021, marking a new chapter in the influential online magazine's history. [...]

More than 3 in 4 Tech Leaders Worry About SaaS Security Threats, New Survey Reveals
2024-08-21 15:38

A new study finds that these threats remain top of mind for 78% of U.S. technology leaders as more SaaS apps find their way into the enterprise. Although enterprises have been prioritizing data privacy and security, their continued reliance on SaaS and cloud offerings means they remain at risk, according to The SaaS Disruption Report: Security & Data by Onymos and Enterprise Strategy Group.

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign
2024-08-21 15:37

A new remote access trojan called MoonPeak has been discovered in use by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the...

Russia tells citizens to switch off home surveillance because the Ukrainians are coming
2024-08-21 15:01

Forget about your love life too, no dating apps until the war is over. Russia's Ministry of Internal Affairs is warning residents of under-siege regions to switch off home surveillance systems and...

GitHub Enterprise Server vulnerable to critical auth bypass flaw
2024-08-21 14:15

A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. [...]

Story of an Undercover CIA Agent who Penetrated Al Qaeda
2024-08-21 13:56

Rolling Stone has a long investigative story about a CIA agent who spent years posing as an Islamic radical. Unrelated, but also in the "Real life spies" file: a fake Sudanese diving resort run by Mossad.

PostgreSQL databases under attack
2024-08-21 13:10

Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. Internet-exposed PostgreSQL databases are a favorite target of opportunistic cryptojacking groups and, occasionally, extortionists.

It's Time To Untangle the SaaS Ball of Yarn
2024-08-21 11:11

It's no great revelation to say that SaaS applications have changed the way we operate, both in our personal and professional lives. We routinely rely on cloud-based and remote applications to...