VMware Confirms Live Exploits Hitting Just-Patched Security Flaw
Less than two weeks after shipping urgent patches to cover security defects in its Aria Operations for Networks product, VMware says hackers have started launching…
Category: SecurityWeek
Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps
Researchers at security startup Descope have discovered a major misconfiguration in Microsoft Azure AD OAuth applications and warned that any business using ‘Log in with…
Russian APT Group Caught Hacking Roundcube Email Servers
A prolific APT group linked to the Russian government has been caught exploiting security flaws in the open-source Roundcube webmail software to spy on organizations…
Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack
Gen Digital (NASDAQ: GEN), the company behind known cybersecurity brands such as Avast, Avira, AVG, Norton, and LifeLock, has confirmed that employee’s personal information was…
New ‘RDStealer’ Malware Targets RDP Connections
A state-sponsored espionage campaign is leveraging new custom malware to monitor incoming remote desktop protocol (RDP) connections and infect connecting clients with a backdoor, according…
OT:Icefall: Vulnerabilities Identified in Wago Controllers
Forescout Technologies has disclosed the details of three vulnerabilities impacting operational technology (OT) products from Wago and Schneider Electric. The flaws were identified as part…
Fulfilling Expected SEC Requirements for Cybersecurity Expertise at Board Level
The U.S. Securities and Exchange Commission (SEC) is expected to introduce a rule requiring demonstration of cybersecurity expertise at the board level for public companies.…
Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack
The Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth. One…
Asus Patches Highly Critical WiFi Router Flaws
Taiwanese computer hardware manufacturer Asus on Monday shipped urgent firmware updates to address vulnerabilities in its WiFi router product lines and warned users of the…
Akeyless Launches SaaS-based External Secrets Manager
Secrets are fundamental to cybersecurity. They comprise the secret data that allows individual authorization and access to or between systems. But if secrets are not…
New Information Stealer ‘Mystic Stealer’ Rising to Fame
A new information stealer malware is quickly becoming popular among hackers on prominent underground forums, according to a warning from cybersecurity company Cyfirma. Dubbed Mystic…
Western Digital Blocks Unpatched Devices From Cloud Services
Western Digital has blocked access to its cloud services for devices running firmware versions impacted by a known and critical security vulnerability. The move, which…