Testing with OpenAPI Specifications
The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing...
Read more →Author: Cybernoz
‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks
A serious privilege escalation vulnerability patched recently in the GNU C Library (glibc) has been exploited in cloud attacks by...
Read more →
Who’s Behind the SWAT USA Reshipping Service? – Krebs on Security
Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently,...
Read more →
Fake Ledger App on Microsoft Store Leads to $800,000 Crypto Theft
The fake Ledger Live app on the Microsoft Store deceived users into downloading malware, which stole their Bitcoin and Ethereum...
Read more →
Shadow IT use at Okta behind series of damaging breaches
An Okta employee who signed into their personal Google account on a company-owned device appears to have been the source...
Read more →
Medusa Claims Canadian Psychological Association Cyberattack
The Canadian Psychological Association (CPA), the primary representative body for psychologists across Canada, has allegedly fallen victim to a cyberattack...
Read more →
US Sanctions Russian National for Helping Ransomware Groups Launder Money
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Friday announced sanctions against Ekaterina Zhdanova, a...
Read more →
QNAP warns of critical command injection flaws in QTS OS, apps
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system...
Read more →
Iranian APT Targets Israeli Education, Tech Sectors With New Wipers
Since January 2023, an Iranian advanced persistent threat (APT) actor has been targeting higher education and technology organizations in Israel...
Read more →
Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure
Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure Pierluigi Paganini November 06, 2023 Google warns of multiple...
Read more →
Cybercrime service bypasses Android security to install malware
A new dropper-as-a-service (DaaS) cybercrime operation named ‘SecuriDropper’ has emerged, using a method that bypasses the ‘Restricted Settings’ feature in Android...
Read more →
Medical research data Advarra stolen after SIM swap
Clinical research company Advarra has reportedly been compromised after a SIM swap on one of their executives. SIM swapping, also...
Read more →