Security News

CloudFoxable: Open-source AWS penetration testing playground
2024-01-22 05:00

CloudFoxable is a capture-the-flag style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to learn exploitation of cloud-native attack paths, and cloud security experts aiming to practice offensive security techniques safely.

Global cyber inequity skyrockets
2024-01-22 04:30

There has been a sharp increase in cyber inequity globally, with 90% of executives warning that urgent action is needed to address it, according to the World Economic Forum. While increased geopolitical tensions and economic instability continue to concern industry experts, the report spotlights widening cyber inequity and emerging technologies, such as artificial intelligence, as key rising risks for the year ahead in the fast-growing cybersecurity sector.

Bad bot traffic skyrockets across the web
2024-01-22 04:00

Bad bots are automated programs designed with malicious intent to perform various activities on the internet, often causing harm to individuals, organizations, and online ecosystems. By masquerading as authentic users, bad bots empower bot operators, attackers, unscrupulous competitors, and fraudsters to execute a diverse range of malicious activities.

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks
2024-01-22 03:40

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised...

BreachForums admin 'Pompourin' sentenced to 20 years of supervised release
2024-01-22 02:29

The series of nine vulnerabilities is found in EDK II - an open source implementation of UEFI maintained by TianoCore, according to researchers from Quarkslab who discovered the issue. According to the researchers, the vulnerabilities are specifically found in the NetworkPkg module included in EDK II, which is used by vendors including Arm, Insyde Software, American Megatrends, Phoenix Technologies and Microsoft.

Tietoevry ransomware attack causes outages for Swedish firms, cities
2024-01-21 20:13

Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang. Tietoevry confirmed today that the ransomware attack occurred Friday night into Saturday morning and has impacted only one of their data centers in Sweden.

Watch out for "I can't believe he is gone" Facebook phishing posts
2024-01-21 16:19

A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals their Facebook credentials. The phishing campaign started around a year ago, with Facebook having trouble blocking the posts as they continue to this day.

Brave to end 'Strict' fingerprinting protection as it breaks websites
2024-01-21 15:19

Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly. Fingerprinting protection in Brave Browser is a feature designed to enhance user privacy by preventing websites from tracking users through a technique called fingerprinting.

Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed
2024-01-21 09:00

Google fixes actively exploited Chrome zero-day: In the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day with an existing exploit. With a constantly evolving threat landscape, cybersecurity awareness training is an essential component in creating a good security culture.

Court charges dev with hacking after cybersecurity issue disclosure
2024-01-20 16:17

A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 for what it deemed was unauthorized access to external computer systems and spying on data. The programmer examined the software and found that it established a MySQL connection with a remote server belonging to Modern Solution GmbH, the management software vendor.