Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the “vulnerabilities are trivial to reverse and exploit.” The list of identified flaws is as follows – […]
In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms. Author: Robert Lemos, Contributing Writer
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting. Author: Jai Vijayan, Contributing Writer
Emergent macOS vulnerability lets adversaries circumvent Apple’s System Integrity Protection (SIP) by loading third-party kernels. Author: Becky Bracken, Senior Editor, Dark Reading
Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups. Author: Kristina Beek, Associate Editor, Dark Reading
An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, the creation of new accounts, and SSL VPN authentication. Author: Elizabeth Montalbano, Contributing Writer
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug […]
New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that can be exploited through a quirk in domain ownership to gain access to sensitive data. “Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees,” Truffle Security […]
In times of unprecedented change, innovative mindsets and attentiveness of startup culture make for a community everyone can leverage to understand the world and guard against its dangers. Author: Paul Shomo
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third-party risk. Learn how you can protect […]
