Security News
Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. Microsoft SharePoint is a web-based collaborative platform that integrates with Microsoft Office and 365, primarily as a document management and data storage system.
Laptop and tablet accessories maker Targus disclosed that it suffered a cyberattack disrupting operations after a threat actor gained access to the company's file servers. Targus is a mobile accessories company known for stylish laptop bags and carrying cases.
Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds. Website security firm Sucuri disclosed last month that hackers had compromised approximately 1,000 WordPress sites to promote crypto drainers, which they promoted via malvertising and YouTube videos.
The U.S. Department of Health and Human Services warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health sector. The sector alert issued by the Health Sector Cybersecurity Coordination Center this week says these tactics have allowed attackers to gain access to targeted organizations' systems by enrolling their own multi-factor authentication devices.
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been...
Acuity, a federal contractor that works with U.S. government agencies, has confirmed that hackers breached its GitHub repositories and stole documents containing old and non-sensitive data. Acuity is a tech consulting firm with almost 400 employees and a $100+ million annual revenue that provides DevSecOps, cyber security, data analytics, and operations support services to federal civilian national security customers.
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The...
A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May...
The U.S. Department of Homeland Security's Cyber Safety Review Board has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key. Almost 10 months after Microsoft started the investigation, the CSRB states there isn't any definitive evidence on how the threat actor obtained the signing key, regardless of what Microsoft previously claimed.
The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based...