Hackers can abuse Microsoft Office executables to download malware
The list of LOLBAS files – legitimate binaries and scripts present in Windows that can be abused for malicious purposes, will soon include the main…
Month: August 2023
Empowering the User: An Interview with Guy Guzner on SAVVY’s User-Centric Security Solution
The Human Factor in Cybersecurity In cybersecurity, the user is often considered the weakest link in the security chain. This weakness stems from the myriad…
New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3
Aug 03, 2023THNBrowser Security / Malware Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive…
Cozy Bear hijacks SME Microsoft 365 tenants in latest campaign
A new campaign of social engineering activity targeting organisations of interest to Russian intelligence has been observed in the wild, in which already-compromised Microsoft 365…
India mandates licensing for laptop, tablet imports – Hardware
India will impose a licensing requirement for imports of laptops, tablets and personal computers with immediate effect, a move that could hit hard the likes…
[tl;dr sec] #193 – ATT&CK for AI and SaaS, GitHub Actions Goat, Finding Bugs in Web App Routes
I hope you’ve been doing well! Hack Week This week we had people fly in from all over the world to meet and hack together.…
Qualys unveils first-party software risk management solution
The Qualys Cloud Platform now includes new capabilities for assessing risks in first-party applications. Customers can “bring their own” assessment and remediation logic into Qualys…
Microsoft says Russia-linked hackers behind dozens of Teams phishing attacks – Security
A Russian government-linked hacking group took aim at dozens of global organisations with a campaign to steal login credentials by engaging users in Microsoft Teams…
Dozens of RCE Vulnerabilities Impact Milesight Industrial Router
Dozens of vulnerabilities impacting the Milesight UR32L industrial router could be exploited to execute arbitrary code or commands, Cisco’s Talos security researchers warn. A cost-effective…
A Penetration Testing Buyer’s Guide for IT Security Teams
The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result…
Decommissioned Medical Infusion Pumps Expose Wi-Fi Configuration Data
Most medical infusion pumps sold via secondary market sources still contain Wi-Fi configuration settings from the original organization that deployed them, cybersecurity firm Rapid7 has…
Lineaje BOMbots remediate security issues using generative AI
Lineaje unveiled BOMbots, AI-based automation bots that deliver optimized recommendations and remediations across the entire supply chain. These AI-based automation bots analyze deep software bill…