KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the …
TP-Link routers implanted with malicious firmware in state-sponsored attacks
A Chinese state-sponsored APT group implanted malicious firmware into TP-Link routers as part of attack campaigns aimed at European foreign affairs entities, say Check Point …
Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store
Sophos researchers uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users. These apps have popped up in the Google Play and Apple App …
Inactive Google accounts will be deleted
A week after Twitter announced it will be removing idle accounts after 30 days of inaction, Google has updated its account inactivity policy. Updates to the Google account …
Infamous cybercrime marketplace offers pre-order service for stolen credentials
Infostealer malware, which consist of code that infects devices without the user’s knowledge and steals data, remains widely available to buy through underground forums and …
The CIS Benchmarks Community consensus process
The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The first CIS …
Fraudsters send fake invoice, follow up with fake exec confirmation
Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones …
Attack automation becomes a prevalent threat against APIs
The second half of 2022 marked a significant turning point in the security landscape. In several high-profile incidents, application programming interfaces (APIs) emerged as a …
Lacroix manufacturing facilities shut down following cyberattack
French electronics manufacturer Lacroix closed three factories as a result of a cyberattack they “intercepted” over the weekend, the company has announced on …
WhatsApp allows users to lock sensitive chats
Meta has unveiled Chat Lock within WhatsApp, a feature that allows users to keep sensitive and intimate conversations safe from prying eyes. WhatsApp Chat Lock (Source: …
Google Cloud CISO on why the Google Cybersecurity Certificate matters
As part of Google’s commitment to building a strong cybersecurity workforce, the Google Cybersecurity Certificate offers an affordable and accessible pathway to a career …
Advantech’s industrial serial device servers open to attack
Three vulnerabilities in Advantech’s EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level. Source: CyberDanube The …