Security News

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)
2023-12-05 14:45

Russian state-backed hacking group Forest Blizzard has been using a known Microsoft Outlook vulnerability to target public and private entities in Poland, Polish Cyber Command has warned. The attacks were further analyzed by Polish Cyber Command, who confirmed that the threat actors have been gaining access to email accounts within Microsoft Exchange servers and modifying folder permissions within the victim's mailbox.

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability
2023-12-05 06:59

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within...

Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs
2023-12-01 18:52

Cybersecurity researchers from the firm Hunters discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs.According to the Hunters team, the vulnerability is based on Google Workspace's role in managing user identities across Google Cloud services.

GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
2023-11-29 05:07

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program...

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
2023-11-29 04:27

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the...

Vulnerability disclosure: Legal risks and ethical considerations for researchers
2023-11-27 04:30

The conversation also touches on the broader ethical considerations in cybersecurity and the impact of emerging technologies on vulnerability disclosure practices and offers advice for cybersecurity professionals grappling with these critical decisions. Some might argue that in the interest of the public, public disclosure is the most ethical approach as it ensures the issue is closed as quick as possible.

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In
2023-11-22 04:49

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and...

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits
2023-11-21 10:00

The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. "Once Kinsing...

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)
2023-11-20 11:43

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability in Sophos Web Appliance that has been patched by the company in April 2023.CVE-2023-1671 is a pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance that allows attackers to execute arbitrary code.

Intel Patches Widespread Processor Vulnerability
2023-11-15 23:20

Intel has published a fix for a potential vulnerability that affected some Intel processors. On Nov. 14, Intel addressed the potential flaw in a variety of processors.