Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors. […] Author: Bill Toulas
Category Archives: Security
CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. […] Author: Sergiu Gatlan
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. […] Author: Bill Toulas
Today, the U.S. Department of the Treasury has sanctioned five executives and one entity linked to the Intellexa Consortium for developing and distributing Predator commercial spyware. […] Author: Sergiu Gatlan
Google announced updates in the post-quantum cryptographic key encapsulation mechanism used in the Chrome browser, specifically, the swap of Kyber used in hybrid key exchanges with Module Lattice Key Encapsulation Mechanism (ML-KEM). […] Author: Bill Toulas
Multifactor authentication (MFA) significantly reduces the likelihood of unauthorized access. However, recent attacks have demonstrated that MFA can be compromised. To strengthen your defenses, it’s crucial to understand common MFA vulnerabilities and implement effective countermeasures. How cybercriminals bypass MFA: Cybercriminals use a variety of techniques to compromise MFA systems. MFA fatigue: MFA fatigue, also known […]
Multifactor authentication (MFA) significantly enhances your business’s security, but it’s not invincible. Cybercriminals have found ways to exploit MFA’s weaknesses, and understanding these is essential for safeguarding your business. This article will guide you through common MFA hacks and provide preventive strategies. How cybercriminals bypass MFA: Cybercriminals use a variety of techniques to compromise MFA […]
D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. […] Author: Bill Toulas
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks. […] Author: Bill Toulas
A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. […] Author: Bill Toulas


