The troubles for Israeli surveillance software maker NSO Group continue to pile up with news that Apple has filed suit to ban the company from using its software, services or devices.
PoC Exploit Published for Latest Microsoft Exchange Zero-Day
A security researcher has released proof-of-concept (PoC) exploit code for a recently patched code execution vulnerability affecting on-prem Microsoft Exchange Server installations.
Severe Code Execution Vulnerabilities Affect OpenVPN-Based Applications
Security researchers at Claroty have raised the alarm for a series of severe code execution vulnerabilities affecting virtual private network (VPN) solutions relying on OpenVPN.
U.S. Agencies Share More Details on ADSelfService Plus Vulnerability Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Coast Guard Cyber Command (CGCYBER) have shared new details on in-the-wild attacks targeting a recently patched flaw in Zoho’s ManageEngine ADSelfService Plus product.
GoDaddy Breach Exposes 1.2 Million Managed WordPress Customer Accounts
Domain registrar and web hosting giant GoDaddy has been hacked and customer data for some 1.2 million WordPress users were exposed to the attacker for more than three months.
Wind Turbine Giant Vestas Fending Off Cyberattack
Danish wind turbine giant Vestas Wind Systems has been hit by what appears to be a ransomware attack that took out parts of its internal IT infrastructure and caused unspecified data compromise.
Delivering on the Promise of 5G Requires New Security Standards
In order to deliver on the promise of 5G, we need new industry standards for security, testing, and training
New ‘SharkBot’ Android Banking Malware Hitting U.S., UK and Italy Targets
A new Android banking trojan has been found, targeting international banks from the United Kingdom and Italy (including in the U.S.). and five different cryptocurrency services. Twenty-two instances have been discovered, but more are expected.
Supply Chain Security Fears Escalate as Iranian APTs Caught Hitting IT Services Sector
Fears of software supply chain attacks escalated again this week with a new warning from Microsoft that it has caught Iranian threat actors breaking into IT services shops in India and Israel and using that access to hit the real targets.
How to Improve Red Team Effectiveness using Obfuscation
Setting up an obfuscated network in the cloud gives a red team the flexibility to test security against different cloud vendors
