Ashish Gupta โ Jammu and Kashmir Government Ashish Gupta has been designated as Chief Information Security Officer for the Departmentโฆ
News
Key Takeaways Evolved Tactics: The HoneyMyte APT group now uses a kernel-mode rootkit driver signed with a stolen digital certificateโฆ
Key Takeaways Critical Authentication Bypass: A major flaw could allow complete account takeover for any user with a Google login,โฆ
Key Takeaways Critical vulnerability: A significant security flaw has been identified in MongoDB, allowing attackers to read uninitialized heap memoryโฆ
Key Takeaways Massive compensation: Coupang announced $1.2 billion compensation plan for the 33.7 million customers initially said to be affectedโฆ
We see a recurring pattern across recent cybersecurity incidents where trust, and identity controls are being exploited across government systems,โฆ
Key TakeawaysVersion-specific incident: Only Trust Wallet Browser Extension version 2.68 is affected.Immediate mitigation: Users are urged to disable the extensionโฆ
Key TakeawaysActive exploitation: Fortinet says attackers are abusing a long-standing SSL VPN flaw.Authentication protections: Misconfigurations can allow logins without completingโฆ
Key TakeawaysSophisticated TTPs: The Evasive Panda APT utilizes advanced techniques, including DNS poisoning and adversary-in-the-middle (AitM) attacks.Geographic focus: The campaignโฆ
Key TakeawaysDeceptive distribution: The WebRAT malware is being distributed through GitHub repositories disguised as PoC exploits for high-severity flaws.Targeted audience:โฆ
Key TakeawaysAntitrust penalty: Italy's competition authority fined Apple โฌ98.6 million for abusing its dominant market position through the App Trackingโฆ
Key Takeaways Service paralysis: A suspected DDoS attack disrupted La Poste's websites and mobile apps, causing significant delays in parcelโฆ
Key Takeaways Operation disruption: The Department of Justice seized a database containing stolen user credentials used to facilitate unauthorized bankโฆ
Key Takeaways Deceptive VPN service: Two extensions, active since 2017, masquerade as a legitimate VPN service, tricking users into payingโฆ
Key Takeaways Widespread disruption: 1,000 computer systems were compromised in a Romanian Water Agency attack, forcing a return to communicationโฆ
Key Takeaways Vendor-related breach: A server managed by Red Hat, a third-party vendor developing a customer management system for Nissan,โฆ
Windscribe Anonymous Account: Login uses a 32-character hash, no email, username, or password required. Privacy-focused design: Reduces personal data storage,โฆ
Vlad Korsunsky โ Tenable HoldingsVlad Korsunsky has been named Chief Technology Officer and Managing Director of Tenable Israel, where heโฆ
Key Takeaways High impact: The NPM package lotusbail, downloaded over 56,000 times, functions as a malicious backdoor that steals WhatsAppโฆ
NordVPN & Saily Finds Loyalty Accounts Theft: Thousands of airline and hotel loyalty accounts sold cheaply on dark web forums.โฆ
Get expert insights on threats, breaches, scams, and security trends โ delivered every Saturday.
Most Popular