As organizations continue to embrace digital transformation, it’s essential to ensure that applications and APIs are protected. Application security testing, or AST, and API security testing are important components of a comprehensive cybersecurity strategy. AST is the process of analyzing application code and configurations to identify potential vulnerabilities. API security testing ensures that APIs are…

An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it. Cisco Secure Client for Windows, previously known…

Bitdefender researchers discovered a set of malicious files with backdoor capabilities that are suspected to be part of a sophisticated toolkit designed to target Apple macOS systems. The investigation is still ongoing, and the experts pointed out that the samples are still largely undetected. The researchers analyzed a total of four samples that were uploaded to…

A cybercriminal group calling itself Diicot is performing mass SSH brute-force scanning and deploying a variant of the Mirai IoT botnet on compromised devices, according to researchers. The group also deploys a cryptocurrency mining payload on servers with CPUs that have more than four cores. “Although Diicot have traditionally been associated with cryptojacking campaigns, Cado…

ASIS International and the Security Industry Association (SIA) closed out the inaugural Security LeadHER conference this week, celebrating a successful and groundbreaking first event held June 12-13 in Nashville, Tennessee. The event was dedicated to advancing, connecting and empowering women in the security profession. Approximately 300 current and future “LeadHERs” and attendees of all backgrounds…

Subdomain takeover in Microsoft Azure continues to pose a threat, with researchers at Keytos discovering approximately 15,000 vulnerable subdomains each month using cryptographic certificates. This relatively common exploit allows cybercriminals to impersonate organizations, launch attacks, and display spam content through legitimate sites. Despite continuous attempts to contact and notify over 1,000 organizations…

The most important of these issues is CVE-2023-3214, a critical use-after-free flaw in Autofill payments. The issue was reported by Rong Jian of VRI, Google notes in its advisory. Use-after-free vulnerabilities are a type of memory corruption bug that occurs when a pointer is not cleared after a memory allocation has been freed. Such flaws may…

A deadly cyber campaign has been working silently to undermine website security by exploiting popular WordPress plugins — infiltrating over a million websites and leaving administrators scrambling for solutions. In April 2023, Bleeping Computer and other tech outlets like TechRadar began circulating reports of cybercriminals successfully hacking WordPress websites. They were able to gain access…

Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over a three-year period starting back in 2011. Today’s long-term cybercrime justice story concerns the last member of the so-called Gozi Troika, three men who were originally charged in January 2013 for malware-related crimes that apparently…