Top infosec source: stay informed on hacking, cyberattacks, and computer security updates.
🚨 Security Alert: Rogue WordPress Plugin Threatens E-Commerce Security.
Read more: https://cyberwire.lk/2023/12/rogue-wordpress-plugin-threatens-e-commerce-security/
In a recent discovery by cybersecurity firm Sucuri, a rogue WordPress plugin has been identified as a major threat to the security of e-commerce websites. This malicious plugin not only has the capability to create fake administrator accounts but also injects malicious JavaScript code to pilfer sens...
🚨 Security Alert: Google Cloud Mitigates Security Vulnerability Threatening Kubernetes Clusters.
Read more: https://cyberwire.lk/2023/12/google-cloud-mitigates-security-vulnerability/
Google Cloud has resolved a medium-severity security flaw in its platform that could be exploited by an attacker who already has access to a Kubernetes cluster to escalate their privileges. The flaw was discovered and reported by Palo Alto Networks Unit 42. The flaw could be abused by an attacker wh...
🚨 Security Alert: 8base Ransomware Strikes Windows Users Worldwide.
Read more: https://cyberwire.lk/2023/12/8base-ransomware-strikes-windows-users-worldwide/
Ransomware attacks are one of the most prevalent and damaging cyber threats today. They can cripple businesses, disrupt critical services, and extort millions of dollars from victims. In this article, we will take a closer look at one of the emerging ransomware groups, 8Base, and how they use a vari...
🚨 Security Alert: Critical Google Chrome Zero-Day Exploit: Update Now!
Read more: https://cyberwire.lk/2023/12/critical-google-chrome-zero-day-exploit/
In a recent development, Google has urgently addressed a high-severity zero-day vulnerability in its Chrome web browser that has been actively exploited in the wild. The security flaw, identified as CVE-2023-7024, is a heap-based buffer overflow bug in the WebRTC framework, posing a serious risk of....
🚨Phishing Alert: Instagram Users at Risk as 2FA Backup Codes Targeted.
Read more: https://cyberwire.lk/2023/12/phishing-alert-instagram-users-at-risk/
In a recent discovery, a sophisticated phishing campaign has emerged, targeting Instagram users and aiming to pilfer their Two-Factor Authentication (2FA) backup codes. This new threat employs a multi-pronged approach, utilizing a “Copyright Infringement” template to create a sense of urgency an...
🚨 Security Alert: Karakurt Ransomware: What You Need to Know!
Read more: https://cyberwire.lk/2023/12/karakurt-ransomware-what-you-need-to-know/
In a joint Cybersecurity Advisory, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have issued a warning about the Karakurt data extortion group, a...
🚨 Security Alert: Microsoft removes malicious application disguising as the popular file compression tool 7Zip.
Read more: https://cyberwire.lk/2023/12/microsoft-removes-malicious-7zip-app-from-store/
Microsoft has recently taken down a malicious app from its store that was disguised as the popular file compression tool 7Zip. The app, which was named 7Zip – Russian Edition, was found to contain a backdoor that could allow attackers to take control of the infected machines. According to a report...
🚨 Security Alert: SAP Releases Critical Patch Update to Address the Escalation of Privileges Risk. UPDATE NOW.
Read more: https://cyberwire.lk/2023/12/sap-releases-critical-patch-update/
SAP, the enterprise software giant, has taken decisive action to address a critical vulnerability identified in its Business Technology Platform (BTP) Security Services Integration Library for Node.js. The vulnerability, tracked as CVE-2023-49583, affected versions prior to 3.6.0 and posed a signifi...
🚨 Security Alert: The notorious Lazarus Group is leveraging the Log4j vulnerability to deploy Remote Access Trojans (RATs), posing significant risks globally.
Read more: https://cyberwire.lk/2023/12/security-alert-lazarus-groups-log4j-rat-deployment/
The cybersecurity landscape is witnessing a persistent and evolving threat from the notorious Lazarus Group, a cyber-espionage collective with alleged ties to North Korea. In their latest campaign, the group has been exploiting the Log4j vulnerability, also known as “Log4Shell,” to deploy a seri...
🚨 Security Alert: Exploiting iPhone Lockdown Mode Poses New Threat. UPDATE NOW.
Read more: https://cyberwire.lk/2023/12/exploiting-iphone-lockdown-mode-poses-new-threat/
In a startling revelation, cybersecurity experts have uncovered a post-exploitation tampering technique capable of visually deceiving iPhone users into believing their devices are in Lockdown Mode. This discovery raises concerns about the false sense of security provided by the feature, emphasizing....
🚨 Security Alert: LogoFAIL Unveils Critical UEFI Flaws, Exposing Devices to Stealthy Malware.
Read more: https://cyberwire.lk/2023/12/logofail-unveils-critical-uefi-flaws-exposing-devices-to-stealthy-malware/
In a recent revelation by cybersecurity researchers at the Binary research team, a set of critical UEFI vulnerabilities has been exposed, putting a wide range of devices at risk of stealthy malware attacks. Termed “LogoFAIL,” these vulnerabilities target image parsing libraries in system firmwar...
🚨 Security Alert: Critical Bluetooth Vulnerability Affects Apple, Android, macOS, and Linux. UPDATE NOW!
Read more: https://cyberwire.lk/2023/12/critical-bluetooth-vulnerability-affects-apple-android-macos-and-linux/
A newly discovered critical Bluetooth security flaw, tracked as CVE-2023-45866, has surfaced, posing a significant threat to the security of Android, Linux, macOS, and iOS devices. This vulnerability, revolves around an authentication bypass that enables threat actors to manipulate susceptible devic...
🚨 Security Alert: WordPress Releases V6.4.2 Update to Address Remote Code Ex*****on Vulnerability. UPDATE NOW!
Read more: https://cyberwire.lk/2023/12/wordpress-releases-v6-4-2-update-to-address-remote-code-ex*****on-vulnerability/
In a recent development, WordPress has rolled out a crucial update, version 6.4.2, aimed at mitigating a severe security risk tied to a remote code ex*****on (RCE) vulnerability. This particular vulnerability, identified within the WordPress core 6.4, introduces a Property Oriented Programming (POP)...
📚 Mastering Access Control: Best Practices for Privileged Access Management (PAM).
Read more: https://cyberwire.lk/2023/12/mastering-access-control-best-practices-for-privileged-access-management-pam/
The cybersecurity landscape is ever-evolving, presenting new challenges and threats that demand our constant vigilance. In this dynamic environment, the management of privileged access has emerged as a critical concern for organizations globally. Cyber criminals, armed with cutting-edge technologies...
🚨 Security Alert: The Impact of SQL Brute Force leads to BlueSky Ransomware.
Read more: https://cyberwire.lk/2023/12/the-impact-of-sql-brute-force-leads-to-bluesky-ransomware/
In recent events, the cybersecurity community has been thrust into the spotlight with the emergence of the formidable BlueSky ransomware. A critical examination of a recent attack on a public-facing MSSQL Server unveils the intricacies of the incident, shedding light on the technical nuances from th...
🚨 Security Alert: More than 20,000 Microsoft Exchange servers across Asia, Europe, and U.S., are exposed to remote code ex*****on flaws. UPDATE NOW!
Read more: https://cyberwire.lk/2023/12/critical-vulnerabilities-in-outdated-microsoft-exchange-servers/
A critical cybersecurity threat looms as more than 20,000 Microsoft Exchange servers across Europe, the U.S., and Asia remain exposed on the public internet, susceptible to remote code ex*****on flaws. The core issue lies in these servers running an unsupported software version, lacking essential up...
🚨 Security Alert: Fake Phishing Scam Steals Booking.com. Customer Credit Card Information. Advanced Social Engineering techniques are used in delivering the malware.
Read more: https://cyberwire.lk/2023/12/fake-booking-com-scam-steals-customer-credit-card-information/
As cybercrime has increased over the years, various industries are becoming increasingly vulnerable to sophisticated cyber attacks. One such industry is the hospitality industry. According to security researchers, hackers are increasingly targeting hotels, travel agencies, and booking sites. These h...
🚨 Security Alert: SugarGh0st RAT; a variant of the infamous Gh0st RAT Targets Government Offices at Uzbekistan and South Korea. Is Asian countries under attack?
Read more: https://cyberwire.lk/2023/12/sugargh0st-rat-targets-uzbekistan-and-south-korea/
Security researchers at Cisco Talos recently uncovered a malicious campaign that has been silently operating since at least August 2023. This campaign introduces a new and highly customized remote access trojan (RAT) named “SugarGh0st,” which appears to be a variant of the infamous Gh0st RAT. Th...
🚨 Security Alert: Hackers Exploit ‘Forced Authentication’ Vulnerability, Putting Windows NTLM Tokens at Risk. UPDATE NOW!
Read more: https://cyberwire.lk/2023/12/hackers-exploit-forced-authentication-vulnerability/
Cybersecurity researchers have uncovered an instance of “forced authentication” that exposes a potential vulnerability in Windows user security. This vulnerability could lead to the unauthorized disclosure of NT LAN Manager (NTLM) tokens by manipulating a victim into accessing a specifically cra...
🚨 Zero-Day Alert: Apple Resolves 2 Actively Exploited Vulnerabilities with Critical Security Patches: iOS, macOS, and Safari. UPDATE NOW!
Read more: https://cyberwire.lk/2023/12/zero-day-alert-apple-resolves-2-actively-exploited-vulnerabilities/
In a swift response to emerging cybersecurity threats, Apple has released critical software updates across iOS, iPadOS, macOS, and the Safari web browser. The focus of these updates is the rectification of two actively exploited security flaws within the WebKit web browser engine. Here’s a breakdo...
📚 Ever wondered how cyber criminals conduct phishing attacks for financial benefits?
Learn more: https://cyberwire.lk/2023/12/understanding-how-hackers-phish/
Account credentials have emerged as a coveted asset, serving as a prominent entry point for malicious actors. The theft of a single set of credentials poses a considerable risk, potentially compromising the entire network of your organization. The 2023 Verizon Data Breach Investigation Report unders...
🚨 Zero-Day Alert: Google Chrome Faces Targeted Attacks Exploiting Newly Uncovered Vulnerability (CVE-2023-6345). To safeguard your online security, it's crucial to UPDATE NOW!
Read more: https://cyberwire.lk/2023/11/zero-day-alert-google-chrome/
Introduction: Google Chrome, one of the most widely used web browsers globally, recently confronted a significant security threat. In response, Google swiftly released security updates to address a total of seven vulnerabilities, with special attention given to a zero-day vulnerability (CVE-2023-634...
📚 Strengthening Cybersecurity Defenses: A Holistic Approach to Incident Response
Advancements in information security tools play a crucial role in fortifying organizational networks and endpoints against cybercriminals. Despite these improvements, cyber criminals might still find their way in, emphasizing the need for an Incident Response (IR) Plan. Take a closer look at the 06 key steps for achieving a successful IR plan.
Learn more: https://cyberwire.lk/2023/11/holistic-approach-to-incident-response/
Advancements in security tools play a crucial role in protecting organizational networks and endpoints against cyber criminals. Despite these improvements, cyber criminals can still find their way in, emphasizing the need for an effective Incident Response (IR) plan. To counteract threats and restor...
Be the first to know and let us send you an email when CyberWire.lk posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.
Send a message to CyberWire.lk:
Want your business to be the top-listed Media Company?
