Cyber Attack on Cisco Duo breaches its multifactor authentication
Cisco Duo, which was acquired by Cisco in 2018, has notified its user base about a potential breach in its database stemming from a compromise…
Author: Cybernoz
PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)
A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased”…
AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs
Apr 16, 2024NewsroomCloud Security / DevSecOps New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can…
Cisco warns of large-scale brute-force attacks against VPN services
Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide. A brute force…
Cisco Duo provider breached, SMS MFA logs compromised
Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-factor authentication) SMS message logs…
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
Apr 16, 2024NewsroomSupply Chain / Software Security Security researchers have uncovered a “credible” takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities…
Post Office boss signed off hush money to cover up smoking gun
A former Post Office senior executive agreed the suffering of subpostmasters could have been avoided if the organisation had investigated reported IT problems rather than…
PuTTY SSH client flaw allows recovery of cryptographic private keys
A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key…
Ex-Security Engineer Jailed For Hacking Decentralized Cryptocurrency Exchanges
Ahmed exploited a vulnerability in a decentralized cryptocurrency exchange’s smart contract by injecting fabricated pricing data, which triggered the generation of inflated fees totaling $9…
Tanium Automate reduces manual processes for repeatable tasks
Alongside Tanium Guardian and its partnership with Microsoft Copilot for Security, Tanium Automate serves as another critical component in support of the autonomous endpoint management…
New ransomware group demands Change Healthcare ransom
The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its…
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks
Apr 16, 2024NewsroomThreat Intelligence / Endpoint Security The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a…