Court overturns Appian’s $2bn trade secrets award against Pegasystems
Software company Pegasystems has persuaded a court to throw out a decision by a jury to award rival Appian $2bn in damages following a legal…
Month: July 2024
Google ads push fake Google Authenticator site installing malware
Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware. For…
Google Enhances Chrome Security to Prevention Users From Cookie Steal Malware
Google has introduced several measures to address this threat, including Safe Browsing download protection in Chrome, Device Bound Session Credentials, and account-based threat detection systems…
Banks, telcos call for more data sharing to fight fraud
A coalition of financial services institutions and communications service providers, convened by consumer advocacy organisation Which?, have called on the new Labour government to make…
OAuth and PostMessage
Tl;DR; An OAuth misconfiguration was discovered in the redirect_uri parameter at the target’s OAuth IDP at https://app.target.com/oauth/authorize, which allowed attackers to control the path of…
DDoS attacks won’t impact US election integrity
CISA and the FBI said today that Distributed Denial of Service (DDoS) attacks targeting election infrastructure will, at most, hinder public access to information but…
Analysis of Top Infostealers: Redline, Vidar and Formbook
Protect your data from cyber threats: Learn about RedLine, Vidar, and FormBook infostealers, their tactics, and how ANY.RUN’s sandbox helps analyze and expose malware attacks.…
Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova
Jul 31, 2024Ravie LakshmananCyber Espionage / Threat Intelligence Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known…
Campaigners call for evidence to reform UK’s cyber laws
The CyberUp Campaign, a group calling for urgent reform to the Computer Misuse Act of 1990, has launched a fresh consultation inviting security professionals and…
Ransomware Strikes U.S. Non-profit Blood Center ‘OneBlood’
A ransomware attack is impacting the software system of OneBlood, a blood donation non-profit that serves hundreds of hospitals in the southeastern U.S. “Our team…
OneBlood’s virtual machines encrypted in ransomware attack
OneBlood, a large not-for-profit blood center that serves hospitals and patients in the United States, is dealing with an IT systems outage caused by a…
Critical OAuth Vulnerability Exposes 1 Million Sites to XSS Attacks
Security researchers have uncovered a critical vulnerability affecting over one million websites. The vulnerability combines OAuth implementation flaws with cross-site scripting (XSS) attacks. The vulnerability…