
Microsoft SharePoint Server Products Targeted by Threat Actors Exploiting Critical Vulnerabilities
Threat actors are exploiting critical vulnerabilities in Microsoft SharePoint Server products, including CVE-2023-29357 and CVE-2023-24955, which allow for remote code execution and bypass authentication, posing a significant risk to organizations using SharePoint servers.
View full story…

Russian Cyber-Attacks Against Ukraine Surge in H1 2023
Ukraine reports a 123% increase in cyber-attacks from Russia in the first half of 2023, with hackers shifting focus to target law enforcement agencies and gather war crime evidence.
View full story…

Security Flaws in Simple Membership Plugin for WordPress Could Lead to Privilege Escalation
The Simple Membership plugin for WordPress has been found to have two security flaws that could result in privilege escalation issues, including unauthenticated users being able to register accounts with arbitrary membership levels and authenticated users being able to take over any member account through an insecure password reset process.
View full story…

Leading CISO Develops Model for Ransomware Payment Decisions
Lorraine Dryland, CISO at First Sentier Investors, has created a quantitative decision-aid model to assist organizations in determining whether to pay a ransom following a cyber-attack, taking into account technical and business implications, restore time, impact scale, client impact, and ethical and legal liabilities.
View full story…

Researchers Discover Significant Vulnerability in GPUs, Potentially Exposing Sensitive Information
Researchers have found a vulnerability in contemporary GPUs known as GPU.zip that allows for a new type of side channel attack, targeting Google Chrome and potentially exposing sensitive information.
View full story…

Google Discovers Critical Security Flaw in libwebp Image Library
Google has identified a critical security flaw in the widely used libwebp image library, known as CVE-2023-5129, which allows attackers to execute arbitrary code through a heap buffer overflow and is actively being exploited, impacting major tech companies like Apple, Google, and Mozilla.
View full story…
Latest Cybernews

Essential Guide to Cybersecurity Compliance: Meeting Legal, Policy, and Industry Requirements to Safeguard Sensitive Information and Customer Data
Cybersecurity compliance involves meeting standardized legal, policy, or industry requirements to safeguard sensitive information and customer data, with healthcare and finance being highly regulated industries.
View full story…

Survey Reveals Widespread Underreporting of Cybersecurity Incidents
A recent global survey conducted by Keeper Security reveals concerning gaps in reporting cybersecurity incidents, with 40% of organizations experiencing incidents but nearly half of them not disclosing them to the appropriate authorities.
View full story…

US Cybersecurity Agency Introduces Hardware Bill of Materials Framework to Enhance Supply Chain Communication and Reduce Risks
The US Cybersecurity and Infrastructure Security Agency (CISA) has introduced the Hardware Bill of Materials (HBOM) Framework to improve communication between technology hardware vendors and customers and reduce risks in the US supply chain.
View full story…

Fastly’s Network Effect Threat Report for Q2 2023 Reveals High Tech Industry as Most Targeted by Attacks
Fastly’s report highlights the High Tech industry as the most targeted by attacks, with Traversal being the most common technique used.
View full story…

Pension Firms Report 4,000% Surge in Data Breach Reports to UK Regulator
Pension providers in the UK have experienced a significant increase in data breach reports to the UK regulator, making the pension sector the hardest hit in the financial services industry.
View full story…

Ransomware Group Claims Successful Breach of Sony’s Computer Systems
RansomedVC, a newly emerged ransomware group, claims to have accessed Sony’s computer systems and obtained sensitive data, threatening to sell it since Sony refused to pay.
View full story…

Newly Identified Cybercrime Group ShadowSyndicate Linked to Multiple Ransomware Families
ShadowSyndicate, a newly identified cybercrime group, has been active since July 2022 and is associated with various ransomware families, utilizing off-the-shelf post-exploitation tools and loaders, with Cobalt Strike being particularly prominent in their operations.
View full story…

Proofpoint Identifies New Malware Strain ZenRAT Targeting Windows Users
Proofpoint has discovered ZenRAT, a dangerous modular remote access trojan (RAT) that specifically targets Windows users and disguises itself as a counterfeit Bitwarden installation package, posing a significant cybersecurity threat by stealing information and redirecting non-Windows users to legitimate websites to avoid detection.
View full story…