Please turn on your JavaScript for this page to function normally.
Cisco Webex
Vulnerability in Cisco Webex cloud service exposed government authorities, companies

The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party …

smartphone
Apps secretly turning devices into proxy network nodes removed from Google Play

Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and …

ransomware
RaaS groups increasing efforts to recruit affiliates

Smaller RaaS groups are trying to recruit new and “displaced” LockBit and Alphv/BlackCat affiliates by foregoing deposits and paid subscriptions, offering better …

malware
The most prevalent malware behaviors and techniques

An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, …

industry
Web-based PLC malware: A new potential threat to critical infrastructure

A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced …

ransomware
What makes ransomware victims less likely to pay up?

There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more. University of Twente …

CloudFoxable
CloudFoxable: Open-source AWS penetration testing playground

CloudFoxable is a capture-the-flag (CTF) style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to …

Bosch Rexroth NXA015S
Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that …

artificial intelligence
Securing AI systems against evasion, poisoning, and abuse

Adversaries can intentionally mislead or “poison” AI systems, causing them to malfunction, and developers have yet to find an infallible defense against this. In …

server room
8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers

The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found. About 8220 …

SSH
SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the …

Windows injection
“Pool Party” process injection techniques evade EDRs

SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool …

Don't miss

Cybersecurity news