Internet Security

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

May 24, 2024 add comment
The use of Dynamic DNS (DDNS) services embedded in appliances can potentially expose data and devices to attacks. The use of Dynamic DNS (DDNS) services embedded in appliances, such... Read more »

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

May 24, 2024 add comment
UK data watchdog is investigating Microsoft regarding the new Recall feature in Copilot+ PCs that captures screenshots of the user’s laptop every few seconds. The UK data watchdog, the... Read more »

APT41: The threat of KeyPlug against Italian industries

May 23, 2024 add comment
Tinexta Cyber’s Zlab Malware Team uncovered a backdoor known as KeyPlug employed in attacks against several Italian industries During an extensive investigation, Tinexta Cyber’s Zlab Malware Team uncovered a... Read more »

Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

May 23, 2024 add comment
Ivanti addressed multiple flaws in the Endpoint Manager (EPM), including remote code execution vulnerabilities. Ivanti this week rolled out security patches to address multiple critical vulnerabilities in the Endpoint... Read more »

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

May 23, 2024 add comment
A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown China-linked threat actor dubbed... Read more »

A consumer-grade spyware app found in check-in systems of 3 US hotels

May 23, 2024 add comment
A researcher discovered a consumer-grade spyware app on the check-in systems of at least three Wyndham hotels across the US. The security researcher Eric Daigle discovered a commercial spyware... Read more »

Critical Veeam Backup Enterprise Manager authentication bypass bug

May 22, 2024 add comment
A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager could... Read more »

Cybercriminals are targeting elections in India with influence campaigns

May 22, 2024 add comment
Resecurity warns of a surge in malicious cyber activity targeting the election in India, orchestrated by several independent hacktivist groups Resecurity has identified a spike of malicious cyber activity... Read more »

An ongoing malware campaign exploits Microsoft Exchange Server flaws

May 22, 2024 add comment
A threat actor is targeting organizations in Africa and the Middle East by exploiting Microsoft Exchange Server flaws to deliver malware. Positive Technologies researchers observed while responding to a... Read more »

Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!

May 22, 2024 add comment
GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication. GitHub has rolled out security fixes to address a critical authentication... Read more »
Subscribe to our Newsletter