Dec 11, 2024Ravie LakshmananMalware / Cyber Espionage The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging … [Read more...] about Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service
secret
Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
Mar 30, 2024NewsroomLinux / Supply Chain Attack Red Hat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of … [Read more...] about Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts
Jul 01, 2023Ravie LakshmananWebsite Security / Cyber Threat As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on … [Read more...] about Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts
The secret is out: Why Open Security is key to preventing cyber threats
For decades, the cybersecurity industry has been shrouded in secrecy. This is partly because of the misunderstanding that cybersecurity often relies on obscurity as its primary form of defense. As the thinking goes, if adversaries don’t know about or understand the security controls that security vendors have in place, it will be easier to defend against cyberattacks.While the … [Read more...] about The secret is out: Why Open Security is key to preventing cyber threats
Observability can be the secret to enabling the board room
For a long time, the best many organizations could do was to look at trailing business and operational data to understand enterprise performance or make proactive business decisions. But today, with the right technology, data streams in real-time — IT leaders can instantly elevate risks and opportunities to their boards.This is where observability kicks in with answers. … [Read more...] about Observability can be the secret to enabling the board room
New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps
Users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys. The flaw, tagged as CVE-2022-24348 (CVSS score: 7.7), affects all versions and has been addressed in versions 2.3.0, 2.2.4, and 2.1.9. Cloud … [Read more...] about New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps
Secret Chat in Telegram Left Self-Destructing Media Files On Devices
Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, who disclosed his findings to Telegram on December 26, 2020. The issue has since … [Read more...] about Secret Chat in Telegram Left Self-Destructing Media Files On Devices
Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in wide-range of Zyxel devices, including Unified … [Read more...] about Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks
In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown.Have you ever noticed they all had at least one thing in common?That's OpenSSH.As a proof-of-concept, many researchers demonstrated their side-channel attacks against OpenSSH … [Read more...] about OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks
Secret Life Hack for Cleaning an iPhone 7 Awesome Slime Trick!
Found an incredible way of making your iPhone look brand new in just 10 minutes! This is how you do it. … [Read more...] about Secret Life Hack for Cleaning an iPhone 7 Awesome Slime Trick!