Passwords Leaked: A file with around 10 billion (1,000 crore) passwords was leaked via an online hacking forum, according to a report by Semafor. The compilation, which included old and new password breaches, was posted online on July 4, and is the largest such leak yet, it added. The report noted the risk of credential-stuffing attacks being…
Cisco has issued a security advisory regarding a critical remote code execution (RCE) vulnerability, dubbed “regreSSHion,” that affects multiple products. The vulnerability tracked as CVE-2024-6387, was disclosed by the Qualys Threat Research Unit on July 1, 2024. It impacts the OpenSSH server (sshd) in glibc-based Linux systems and has the potential to allow unauthenticated attackers…
Hackers add more devices to the network of slave digital devices, which would do what hackers want them to do. These networks, called botnets, launch large-scale cyberattacks, including the dreaded Distributed Denial of Services (DDoS). Now Dark web peers are selling botnets at throw-away prices ranging from $99 on the Dark Web, according to cybersecurity…
Investment scams primarily operate through social media and messaging platforms like WhatsApp and Telegram. CloudSEK found a surge in malicious content on these platforms — over 29,000 fraudulent ads on Facebook and a 81,000 fake investment groups on WhatsApp. The report covers an in-depth report exposing a troubling rise in investment scams targeting individuals in…
Shockwaves from the Russian government’s hack of Microsoft’s corporate infrastructure continue to spread with news that the software giant is notifying surprised customers that their emails were also stolen by the Midnight Blizzard hackers. According to published reports, Redmond’s incident response team is providing a secure portal for customers to view specifics of emails stolen…
A team of researchers from the University of California San Diego has published a paper detailing a novel attack method targeting Intel CPUs. The chip giant says no new mitigations are required to address it. The new attack, named Indirector, is similar to the well-known Spectre v2 or Spectre Branch Target Injection (BTI) attack. These methods typically allow…
Santosh Sheshware has assumed the roles of Chief Information Security Officer and Head of Information Security at Aditya Birla Sun Life Insurance. This is a significant step towards enhancing the company’s cybersecurity framework. With over 17 years of experience in information security across prominent organizations like Bharti AXA Life, PNB MetLife, India Infoline group, HSBC,…
Cybersecurity researchers uncovered a sophisticated attack campaign by the Water Sigbin (aka 8220 Gang) threat actor that exploited vulnerabilities in the Oracle WebLogic Server, notably CVE-2017-3506 and CVE-2023-21839, to deploy the XMRig cryptocurrency miner on compromised systems. The attack begins with the threat actor exploiting the WebLogic vulnerabilities to execute a malicious PowerShell script on the victim…
Deal Integrates Lacework’s CNAPP into Fortinet’s Security Fabric and SASE Platform Fortinet extended a lifeline to troubled cloud security vendor Lacework, agreeing to purchase the late-stage startup that once earned the largest funding round in cybersecurity history. The Silicon Valley-based platform security vendor said the proposed acquisition of San Jose, California-based Lacework will enhance Fortinet’s…
Companies in the market for cybersecurity professionals could face a new method of attack, made harder to spot because of artificial intelligence: Hackers posing as job applicants. As cyber threats targeting U.S. companies multiply, some security leaders have increased scrutiny during hiring to weed out bad actors—or simply applicants with over-embellished resumes. Globally, the cyber…
