Blog


  1. Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking - A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which could then be used to hijack accounts and siphon sensitive data. Under certain circumstances, a threat actor could have taken advantage of… Continue Reading
  2. Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass - Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System Integrity Protection (SIP), or "rootless," which limits the actions the root user can perform on protected files and folders. "The most straight-forward… Continue Reading
  3. Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data - A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data," Israeli cloud security firm Dig said. Cloud SQL is a fully-managed… Continue Reading
  4. Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks - An analysis of the "evasive and tenacious" malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day. What's more, 50% of the servers don't remain active for more than a week, indicating the use of an adaptable and dynamic C2 infrastructure, Lumen Black Lotus Labs said in a report shared with The Hacker News. "This botnet has adapted techniques to conceal its infrastructure in residential IP space… Continue Reading
  5. RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks - The threat actors behind RomCom RAT are leveraging a network of fake websites advertising rogue versions of popular software at least since July 2022 to infiltrate targets. Cybersecurity firm Trend Micro is tracking the activity cluster under the name Void Rabisu, which is also known as Tropical Scorpius (Unit 42) and UNC2596 (Mandiant). "These lure sites are most likely only meant for a small number of targets, thus making discovery and analysis more difficult," security researchers Feike… Continue Reading
  6. Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses - Attackers have found a new way to avoid detection in business email compromise (BEC) and account takeover attacks by buying locally generated IP addresses to mask the origin of their login attempts, thus circumventing the common "impossible travel" security detection, Microsoft is warning. An impossible travel flag occurs when a task is performed at two locations in a shorter amount of time than would be required to travel from one location to the other — for instance, if Employee… Continue Reading
  7. How to determine exactly what personal information Microsoft Edge knows about you - Users should be aware of what personal data is being collected and stored by Microsoft Edge and be prepared to perform periodic maintenance on that data to keep it secure. To help make your overall user experience better and more productive, web browsers collect and store personal information about you and your internet activity. Microsoft Edge is no exception.… Continue Reading
  8. Learn how to protect your company from cyberattacks for just $46 - Cloud computing brings many business benefits, but it’s essential to know how to protect your data and operations. Part of the reason so many businesses operate in the cloud these days is because it’s more efficient for companies, their clients and their customers. But cyber threats are a very real risk, so it’s imperative you and your employees know how… Continue Reading
  9. Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites - WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that's installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in November 2012. "This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation," Jetpack said in an advisory. 102 new versions of Jetpack… Continue Reading
  10. Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting different firewall models that could enable an unauthenticated attacker to execute arbitrary code by sending a specially crafted packet to the device. Zyxel addressed the security defect as part of updates… Continue Reading
