A Linux vulnerability known as Looney Tunables has been discovered in the GNU C Library’s dynamic loader, allowing local attackers to gain root privileges and potentially launch further attacks on various Linux distributions, including Fedora, Ubuntu, Debian, and Alpine Linux.
Hackers exploit a SQL injection vulnerability in an Azure Virtual Machine to gain access and elevated permissions on a Microsoft SQL Server instance, highlighting the importance of securing cloud identities.
Tracking metrics such as mean time to detect, mean time to prioritize, and mean time to communicate can help CISOs identify areas for improvement in the patching process and contribute to overall risk management.
Researchers discover a typosquatting campaign on the npm platform that deceives users with a rogue package, deploying a rootkit and DiscordRAT 2.0 to remotely control victims’ hosts and gather sensitive data.
The Annual Cybersecurity Attitudes and Behaviors Report 2023 shows that a majority of Americans now recognize the importance of Multi-Factor Authentication (MFA) and actively utilize it to enhance their online security, but concerns persist regarding access to adequate cybersecurity training programs.
APT41, a Chinese-sponsored threat group, has been linked to the surveillance toolkit LightSpy, which is more sophisticated than previously reported and is capable of targeting both iOS and Android devices.
