1Password 8 for Mac flaw allows attackers to steal credentials, here’s how to patch it
1Password has shared that its software for Mac has a vulnerability that exposes users to a potentially serious threat. Along with attackers being able to compromise credentials, the flaw can give bad actors access to your account unlock key. more.....»»
Respotter: Open-source Responder honeypot
Respotter is an open-source honeypot designed to detect attackers when they launch Responder within your environment. This application identifies active instances of Responder by exploiting its behavior when responding to any DNS query. Respotter lev.....»»
September 2024 Patch Tuesday forecast: Downgrade is the new exploit
I asked for a calm August 2024 Patch Tuesday in last month’s forecast article and that came to pass. The updates released were limited to the regular operating systems and all forms of Office applications. Six zero-day vulnerabilities were announce.....»»
trackd AutoPilot leverages historical patch disruption data
trackd has released a powerful rules engine that uses its patch disruption data to enable auto-patching with confidence, and based on actual data. “There’s only one reason that vulnerability management exists as a discipline in cyber secu.....»»
Vulnerability allows Yubico security keys to be cloned
Researchers have unearthed a cryptographic vulnerability in popular Yubico (FIDO) hardware security keys and modules that may allow attackers to clone the devices. But the news is not as catastrophic as it may seem at first glance. “The attacke.....»»
Qilin ransomware targets Google Chrome credentials
Sophos X-Ops reveals a new strategy that harvests credentials from compromised networks, raising significant cybersecurity concerns for organizations......»»
The attack with many names: SMS Toll Fraud
Bad actors leverage premium-rate phone numbers and bots to steal billions of dollars from businesses. In this Help Net Security video, Frank Teruel, CFO at Arkose Labs, discusses how to spot and stop them. The post The attack with many names: SMS Tol.....»»
Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by sendin.....»»
Research exposes how repeated information warps our decisions
Imagine the decisions you make every day, such as what to buy, who to trust, or who to vote for, are heavily influenced by a simple yet powerful flaw in your reasoning. Economists at the University of Surrey argue that people are systematically decei.....»»
A macro look at the most pressing cybersecurity risks
Forescout’s 2024H1 Threat Review is a new report that reviews the current state of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024 and compares them to H1 2023. “Attackers are looking for any weak point to bre.....»»
Protect your whole family with a free trial of 1Password for Families
With ever-increasing online activity for parents and students alike, the return to school is a great time to ensure your whole family’s digital life is secure. Right now, you can get a free 14-day trial of 1Password for Families to see for yourself.....»»
Why ransomware attackers target Active Directory
Ransomware attacks have surged 78% year-over-year, affecting various sectors and organizations and significantly impacting supply chains. In this Help, Net Security video, Craig Birch, Technology Evangelist, and Principal Security Engineer at Cayosof.....»»
Unpatchable 0-day in surveillance cam is being exploited to install Mirai
Vulnerability is easy to exploit and allows attackers to remotely execute commands. Enlarge (credit: Getty Images) Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mira.....»»
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB,.....»»
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)
Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentia.....»»
Hackers infect ISPs with malware that steals customers’ credentials
Zero-day that was exploited since June to infect ISPs finally gets fixed. Enlarge (credit: Getty Images) Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day.....»»
SonicWall patches critical firewall security flaw
The bug allowed for unauthorized resource access, SonicWall said......»»
Lateral movement: Clearest sign of unfolding ransomware attack
44% of unfolding ransomware attacks were spotted during lateral movement, according to Barracuda Networks. 25% of incidents were detected when the attackers started writing or editing files, and 14% were unmasked by behavior that didn’t fit with kn.....»»
SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)
SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is.....»»
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers......»»
A new malware threat to macOS adds to the data-stealing surge
Mac users face another macOS threat that aims to steal your data and targets x86_64 and Arm architectures......»»