Researchers have developed a side-channel exploit for Apple CPUs, enabling sophisticated attackers to extract sensitive information from browsers. Side-channel attacks are usually overlooked, often physical counterparts to traditional software hacks. Rather than an unsecured password or a vulnerability in a program, they take advantage of the extra information a computer system or hardware generates —…
As organizations increasingly move their data and workloads to the cloud, securing cloud identities has become paramount. Identities are the keys to accessing cloud resources, and, if compromised, they enable attackers to gain access to sensitive data and systems. Most attacks we see today are client-side attacks, in which attackers compromise someone’s account and use…
“One of the most dangerous financial criminal groups” — and growing in sophistication. That is Microsoft’s assessment of the 0ktapus cyberattack collective, which was most recently in the news for carrying out the strikingly disruptive MGM and Caesars Entertainment ransomware hits. The English-speaking group (aka Scatter Swine, UNC3944 or, as Microsoft calls it, “Octo Tempest”)…
The volume of known ransomware attacks surged last month to record-breaking levels, security researchers report. Ransomware groups collectively listed 514 victims on their data-leak sites in September, breaking the previous record in July of 502 victims, said U.K. cybersecurity firm NCC Group. The firm reports that “major drivers of this activity” include newer groups such…
VMware urged customers to update VMware vCenter Servers against a critical flaw that could potentially lead to remote code execution (RCE) and assigned a CVSS severity score of 9.8. The vCenter Server flaw, tracked under CVE-2023-34048, could allow an attacker with network access the ability to trigger an out-of-bounds write, the VMware advisory explained. Software…
Vulnerability management plays a critical role in ensuring the security and integrity of telecommunications networks. With the ever-evolving threat landscape and increasing sophistication of cyberattacks, effective vulnerability management is essential for telecommunications companies. But the unique characteristics of the telecommunications industry pose significant challenges to the implementation of robust vulnerability management programs. Vulnerability Management Challenges…
In the latest in the saga of compromise involving a max-critical Cisco bug that has been exploited as a zero-day as users waited for patches, several security researchers reported observing a sharp decline in the number of infected Cisco IOS XE systems visible to them over the weekend. The drop sparked a range of theories…
Cisco said a patch for two actively exploited zero-day flaws in its IOS XE devices is scheduled to drop on Oct. 22. The first Cisco zero-day bug, tracked under CVE-2023-20198, was announced on Oct. 16 and has a severity rating of 10 out of 10. At the time it was discovered, it had already allowed…
The data leak and negotiation sites for the Ragnar Locker ransomware group went offline Thursday after an international law enforcement operation seized its infrastructure. Law enforcement agencies participating in the crackdown include the FBI, as well as authorities in France, Germany, Italy, Spain and the Netherlands, backed by Europol’s European Cybercrime Center as well as…
North Korean nation-state threat actors are exploiting a critical remote code execution vulnerability affecting multiple versions of a DevSecOps tool – a high-risk development, especially in light of Pyongyang hackers’ recent track record of supply chain hacks. Researchers at Microsoft said Wednesday that North Korean nation-state threat actors tracked as Diamond Sleet and Onyx Sleet…