US Bans Trade With Pegasus Spyware Maker
NSO Group plans to fight the trade ban, saying it’s “dismayed” and clinging to the mantra that its tools actually help to prevent terrorism and crime.
NSO Group –...
Microsoft, Adobe Exploits Top List of Crooks’ Wish List
You can’t possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market.
A year-long study...
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google...
Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction (CVE-2020-8260)
Vendor: Pulse SecureVendor URL: https://www.pulsesecure.net/Versions affected: Pulse Connect Secure (PCS) 9.1Rx or belowSystems Affected: Pulse Connect Secure (PCS) AppliancesCVE Identifier: CVE-2020-8260Advisory URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601Risk: 7.2 High CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HAuthors:Richard Warren - richard.warrennccgroupcomDavid...
Cyberattackers Hit Data of 80K Fertility Patients
Fertility Centers of Illinois’ security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files.
The protected health information of nearly 80,000 patients...
LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages
A phishing kit has been found running on at least 700 domains – and mimicking services via false SharePoint, OneDrive and Office 365 login portals.
A newly-uncovered phishing kit, dubbed...
Firms Push for CVE-Like Cloud Bug System
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk.
Big gaps exist in the 22-year-old Common Vulnerability and Exposures (CVE) system that do not address dangerous...
Apps Built Better: Why DevSecOps is Your Security Team’s Silver Bullet
Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks.
Security should never be an afterthought when developing software and...
CISA Orders Federal Agencies to Patch Exchange Servers
Espionage attacks exploiting the just-patched remote code-execution security bugs in Microsoft Exchange servers are quickly spreading.
Hot on the heels of Microsoft’s announcement about active cyber-espionage campaigns that are exploiting...
Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks
Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.
Cybercriminals can exploit Microsoft Remote Desktop Protocol...
