-
![]()
Critical SQL Injection Vulnerability Uncovered in MOVEit Transfer
Progress Software Corporation has recently disclosed a critical vulnerability in its MOVEit Transfer web application, urging users to take immediate action to mitigate the risk. The vulnerability, officially designated as CVE-2023-34362, is an SQL Injection vulnerability that could potentially lead to escalated privileges and unauthorized access. It affects versions prior to 2021.0.6 (13.0.6), 2021.1.4 (13.1.4),…
-
![]()
“Abraham Accords Cybersecurity Cooperation Act of 2023” Set to Boost Cybersecurity Collaboration
The U.S Senate has introduced a new bill, the “Abraham Accords Cybersecurity Cooperation Act of 2023,” designed to enhance cybersecurity collaboration between the countries involved in the Abraham Accords – the United Arab Emirates, Bahrain, Morocco, and Israel. The bill aims to fortify joint cybersecurity training activities and information-sharing among these nations. Additionally, it seeks…
-
![]()
Global Leaders Urged to Tackle Risks of Artificial Intelligence to Prevent Possible Extinction
A collective of industry chiefs and experts issued a stark warning on Tuesday, urging global leaders to focus their efforts on mitigating the “risk of extinction” posed by artificial intelligence (AI) technology. They likened the threat level of AI to that of other major societal-scale risks, including pandemics and nuclear war. Dozens of specialists endorsed…
-
![]()
Novel Phishing Technique Utilizes Browser File Archiver Simulation on New .zip Domain
In light of Google’s recent release of new top-level domains (TLDs) like .dad, .phd, .mov and .zip, there have been rising concerns within the security community over TLDs that can easily be mistaken for file extensions. This report explores a phishing technique that utilizes these concerns, specifically exploiting the .zip TLD to simulate a file…
-
![]()
Barracuda Networks Patches Zero-day Vulnerability In Email Security Gateway Appliance
Barracuda Networks has discovered and patched a significant vulnerability in its Email Security Gateway appliance (ESG) this week. The cyber defense company acknowledged the existence of this vulnerability, coded CVE-2023-2868, on May 19, 2023. The security issue was located within a module that screens the attachments of incoming emails on ESG appliances. The flaw has…
-
![]()
Lazarus Group Targets Windows IIS Web Servers in Recent Cyber Attacks
The Lazarus Group, a hacker collective known to receive national-level support, has been spotted in new attacks targeting Windows IIS web servers. AhnLab Security Emergency Response Center (ASEC) recently confirmed this activity, highlighting the group’s continued use of sophisticated techniques to compromise vulnerable systems. The group’s initial infiltration method relies on DLL side-loading, a technique…
-
![]()
Apple Releases Urgent Patches to Address Newly Discovered Zero-Day Vulnerabilities
May 18, 2023 – Apple has released iOS 16.5 and iPadOS 16.5, introducing several important security improvements and addressing vulnerabilities that could potentially compromise user data and device integrity. The update is available for iPhone 8 and later models, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, as…
-
![]()
The Introduction of ZIP Domains Raises Cybersecurity Concerns
Cybersecurity researchers and IT administrators have voiced concerns over Google’s newly introduced ZIP and MOV Internet domains. These domains, they caution, could potentially be exploited by cybercriminals for phishing attacks and malware delivery. The issue lies in the fact that these domains are also extensions of files commonly shared in online discussions, messages, and forum…
-
![]()
Microsoft Boosts Security with SharePoint’s New Ability to Scan Encrypted Files Amid Unannounced Policy Change
Microsoft has recently implemented a change to its SharePoint cloud storage service, allowing it to scan files that are encrypted or password-protected for potential malware. This is a significant change since antivirus applications have traditionally struggled to inspect password-protected files, thus making them an appealing avenue for hackers to deploy their malware. The change was…
-
![]()
Fortune 1000 Identity Exposure Report Highlights the Need for Strong Security Measures
A recent report by cybersecurity firm SpyCloud has found that password reuse and malware infections are putting Fortune 1000 companies at risk of identity exposure. The report analyzed over 2.27 billion breach and malware-exfiltrated assets in the company’s database that are directly linked to Fortune 1000 employee accounts. In a staggering revelation, a total of…
