Cozy Bear hijacks SME Microsoft 365 tenants in latest campaign
A new campaign of social engineering activity targeting organisations of interest to Russian intelligence has been observed in the wild, in which already-compromised Microsoft 365…
Author: Cybernoz
India mandates licensing for laptop, tablet imports – Hardware
India will impose a licensing requirement for imports of laptops, tablets and personal computers with immediate effect, a move that could hit hard the likes…
[tl;dr sec] #193 – ATT&CK for AI and SaaS, GitHub Actions Goat, Finding Bugs in Web App Routes
I hope you’ve been doing well! Hack Week This week we had people fly in from all over the world to meet and hack together.…
Qualys unveils first-party software risk management solution
The Qualys Cloud Platform now includes new capabilities for assessing risks in first-party applications. Customers can “bring their own” assessment and remediation logic into Qualys…
Microsoft says Russia-linked hackers behind dozens of Teams phishing attacks – Security
A Russian government-linked hacking group took aim at dozens of global organisations with a campaign to steal login credentials by engaging users in Microsoft Teams…
Dozens of RCE Vulnerabilities Impact Milesight Industrial Router
Dozens of vulnerabilities impacting the Milesight UR32L industrial router could be exploited to execute arbitrary code or commands, Cisco’s Talos security researchers warn. A cost-effective…
A Penetration Testing Buyer’s Guide for IT Security Teams
The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result…
Decommissioned Medical Infusion Pumps Expose Wi-Fi Configuration Data
Most medical infusion pumps sold via secondary market sources still contain Wi-Fi configuration settings from the original organization that deployed them, cybersecurity firm Rapid7 has…
Lineaje BOMbots remediate security issues using generative AI
Lineaje unveiled BOMbots, AI-based automation bots that deliver optimized recommendations and remediations across the entire supply chain. These AI-based automation bots analyze deep software bill…
These Are the Top Five Cloud Security Risks, Qualys Says
Cloud security specialist Qualys has provided its view of the top five cloud security risks, drawing insights and data from its own platform and third…
OWASP Top 10 for LLM applications is out!Security Affairs
OWASP released the OWASP Top 10 for LLM (Large Language Model) Applications project, which provides a list of the top 10 most critical vulnerabilities impacting…
Russian APT phished government employees via Microsoft Teams
An APT group linked to Russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with phishing attacks via Microsoft Teams, says Microsoft.…