What does the year ahead hold for SMB cybersecurity?
Small and medium businesses (SMBs) play a massive role in the economy and, in the UK private sector alone, account for three-fifths of employment and…
Author: Cybernoz
Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys
A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. “In the…
Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
Feb 07, 2025Ravie LakshmananCloud Security / Web Security Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys…
Microsoft Edge update adds AI-powered Scareware Blocker
Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature. In addition, Microsoft is updating…
New Attack Abusing Kerberos Delegation in Active Directory Networks
A new attack vector exploiting vulnerabilities in Kerberos delegation within Active Directory (AD) networks has been uncovered, posing significant risks to enterprise security. This technique…
Logsign Vulnerability Allows Remote Attackers to Bypass Authentication
A critical security vulnerability has been identified and disclosed in the Logsign Unified SecOps Platform, allowing remote attackers to bypass authentication mechanisms. The vulnerability tracked…
AI-Powered Social Engineering: Reinvented Threats
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques…
430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations
The personal and health information of over 430,000 individuals was compromised in October and November 2024 data breaches at Allegheny Health Network (AHN) and University…
Microsoft has finally fixed Date & Time bug in Windows 11
Windows 11’s January 28 optional update has fixed a long-standing issue in Windows 11 24H2 that prevents non-admin users from changing their time zone in…
7-Zip 0-Day Flaw Added to CISA’s List of Actively Exploited Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical 0-day vulnerability affecting the popular file compression utility, 7-Zip, to its Known Exploited…
New Facebook Fake Copyright Notices to Steal Your FB Accounts
A newly discovered phishing campaign is using fake Facebook copyright infringement notices to trick users into divulging their credentials, potentially compromising business accounts. Phishing Campaign…
India’s RBI Introduces Exclusive “bank.in” Domain to Combat Digital Banking Fraud
Feb 07, 2025Ravie LakshmananFinancial Security / Regulatory Compliance India’s central bank, the Reserve Bank of India (RBI), said it’s introducing an exclusive “bank.in” internet domain…