Hackers Exploiting Azure Key Vault Access Policies To Read Sensitive Data
A critical security configuration in Azure Key Vault has been discovered, potentially allowing users with the Key Vault Contributor role to access sensitive data contrary…
Category: CyberSecurityNews
Hikvision Camera Driver Vulnerability Records Login details in Log files
A newly disclosed security vulnerability, tracked under CVE-2024-12569, has been identified in Hikvision camera drivers integrated with Milestone’s XProtect® Device Pack. This vulnerability has raised…
CISA Released National Cyber Incident Response Plan (NCIRP)
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled an updated version of the National Cyber Incident Response Plan (NCIRP), a strategic framework for coordinating…
New Phishing Attack Exploiting HubSpot Tools To Steal Microsoft Azure Logins
A sophisticated phishing campaign targeting European companies. The attack, which peaked in June 2024, aims to harvest Microsoft Azure cloud credentials and compromise victims’ cloud…
Next.js Authorization Bypass Vulnerability Exposes Root-Level Pages
A critical security vulnerability tracked as CVE-2024-51479 has been identified in Next.js, a widely used React framework for building web applications. The flaw allowed unauthorized…
CISA Warns of 4 New Vulnerabilities Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting significant security risks for various…
US to Ban TP-Link Routers, as They Fuel Chinese Cyber Attacks
US authorities are considering a ban on TP-Link routers due to concerns over their potential role in Chinese cyber attacks. The popular router manufacturer, which…
CISA Urges Use of End-to-End Encrypted Messaging Services like Signal
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning to senior government officials and political figures to adopt end-to-end encrypted messaging services…
Multiple GStreamer Vulnerabilities Impact Linux Distributions Using GNOME
A recent security investigation has uncovered a series of vulnerabilities in GStreamer, the open-source multimedia framework integral to GNOME-based Linux distributions. According to reports, vulnerabilities,…
Okta Warns of Phishing Attacks Mimic Okta Support to Steal MFA Tokens
Okta, a leading identity and access management platform, has issued a warning about an increase in sophisticated phishing attacks targeting its customers by impersonating the…
Threat Actors Abusing Cloudflare Workers Service To Deliver Weaponized Application
A sophisticated attack campaign leveraging Cloudflare’s Workers service to distribute malicious applications disguised as legitimate software. The Computer Emergency Response Team of Ukraine (CERT-UA) reported…
INTERPOL To Replace ‘Pig Butchering’ Term With “Romance Baiting”
INTERPOL is advocating for a shift in terminology to combat online relationships and investment fraud. The international police organization is urging the replacement of the…