Security News

Microsoft still doesn't known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. "The stolen 2016 MSA key in combination with [a] flaw in the token validation system permitted the threat actor to gain full access to essentially any Exchange Online account," CISA's Cyber Safety Review Board noted in a recently released Review of the Summer 2023 Microsoft Exchange Online Intrusion.

Google announced a new Chrome security feature that ties cookies to a specific device, blocking hackers from stealing and using them to hijack users' accounts.To solve this problem, Google is working on a new feature called Device Bound Session Credentials that makes it impossible for attackers to steal your cookies by cryptographically binding your authentication cookies to your device.

A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at...

AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them. While the company continues to say there is no indication their systems were breached, it has now confirmed that the leaked data belongs to 73 million current and former customers.

Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting...

Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on...

The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security was behind a breach of the country's parliament disclosed in March 2021. As Finnish Parliament officials said three years ago, when describing the incident as a "State cyber-espionage operation" believed to be linked to "The so-called APT31 operation," the attackers gained access to multiple parliament email accounts, including some belonging to Finnish MPs. On Monday, the U.S. Treasury Department's Office of Foreign Assets Control sanctioned two APT31 operatives who worked as contractors for Wuhan XRZ, an OFAC-designated front company used by the Chinese MSS as cover in U.S. critical infrastructure attacks.

Ray is an open-source framework developed by Anyscale that is used to scale AI and Python applications across a cluster of machines for distributed computational workloads. In November 2023, Anyscale disclosed five Ray vulnerabilities, fixing four tracked as CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.