Citrix warns admins to manually mitigate PuTTY SSH client bug
Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin’s private SSH key.…
Author: Cybernoz
New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation
May 09, 2024NewsroomEncryption / Data Privacy Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on…
AT&T delays Microsoft 365 email delivery due to spam wave
AT&T’s email servers are blocking connections from Microsoft 365 due to a “high volume” spam wave originating from Microsoft’s service. Starting on Monday, AT&T customers…
Kata Containers – Improper file permissions for read-only volumes
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into…
Dell discloses data breach impacting millions of customers
Dell discloses data breach impacting millions of customers Pierluigi Paganini May 09, 2024 Dell disclosed a security breach that exposed millions of customers’ names and…
Ascension suffers Cyber Attack – Cybersecurity Insiders
Ascension, a provider of services related to hospital care and senior living facilities, has released an official statement acknowledging a cyber-attack on its IT network.…
British Columbia investigating cyberattacks on government networks
The Government of British Columbia is investigating multiple “cybersecurity incidents” that have impacted the Canadian province’s government networks. Premier David Eby said in a Wednesday…
Combatting foreign interference – Cybersecurity Insiders
The spectre of foreign interference, ranging from corporate espionage to intellectual property theft, poses significant threats to organisations striving for competitive edge. Against this backdrop,…
Zero Trust: Unravelling the enigma and charting the future
For nearly two decades, the concept of Zero Trust has perplexed and intrigued IT and cybersecurity professionals alike. It’s been labelled a vulnerability, a decision,…
Exploit Archeology – Exploiting an old unknown Server Side Browser
I was recently hacking on a Bug Bounty target and identified an interesting API endpoint which would render user supplied HTML, and execute any included…
Navigating the Future: Zero Trust and SSE in Cybersecurity Leadership Strategies
The cybersecurity landscape is undergoing a rapid and alarming transformation. The once impregnable castle-and-moat defenses are proving inadequate in this new hybrid world. This article…
Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign
May 09, 2024NewsroomMobile Security / Cyber Attack Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state…