70% of exploited flaws disclosed in 2023 were zero-days
Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software. Specifically,…
Category: Bleeping Computer
SolarWinds Web Help Desk flaw is now exploited in attacks
CISA has added three flaws to its ‘Known Exploited Vulnerabilities’ (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk…
US disrupts Anonymous Sudan DDoS operation, indicts 2 Sudanese brothers
The United States Department of Justice unsealed an indictment today against two Sudanese brothers suspected of being the operators of Anonymous Sudan, a notorious and…
Understand these seven password attacks and how to stop them
Hackers are always looking for new ways to crack passwords and gain access to your organization’s data and systems. So how can you ensure you’re…
Critical Kubernetes Image Builder flaw gives SSH root access to VMs
A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. Kubernetes…
Malicious ads exploited Internet Explorer zero day to drop malware
The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT…
Amazon says 175 million customers now use passkeys to log in
Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year ago, announcing today that over 175 million customers use…
Amazon says 175 million customer now use passkeys to log in
Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year ago, announcing today that over 175 million customers use…
Finland seizes servers of ‘Sipultie’ dark web drugs market
The Finnish Customs office took down the website and seized the servers for the darknet marketplace ‘Sipulitie’ where criminals sold illegal narcotics anonymously. The agency’s…
EDRSilencer red team tool used in attacks to bypass security
A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute their alerts to management consoles.…
New FIDO proposal lets you securely move passkeys across platforms
The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between…
Over 200 malicious apps on Google Play downloaded millions of times
Google Play, the official store for Android, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million…