-
Google Introduces New Measures to Enhance Security and Support Vulnerability Researchers
In a bid to improve security and reduce the risk of vulnerabilities, Google has announced new initiatives designed to protect researchers and elevate the cybersecurity industry as a whole. These initiatives were revealed in a blog post published on Google’s official blog on April…
-
Kodi User Forum Rebuilds Following Data Breach Impacting 400,000 Members
Open source home theater software developer Kodi is working to rebuild its user forum following a significant data breach in February 2023. The incident came to light after a threat actor advertised a database dump of Kodi’s MyBB user forum software on underground forums. The breach compromised the data of approximately 400,000 Kodi users, including…
-
Effective Strategies for Recovery and Prevention of BlackLotus
Microsoft’s Security Blog has issued a critical guide to assist organizations in assessing potential compromise by threat actors exploiting CVE-2022-21894 through a dangerous Unified Extensible Firmware Interface (UEFI) bootkit known as “BlackLotus.” This UEFI bootkit operates during computer startup, before the loading of the operating system, enabling it to tamper with or deactivate security mechanisms…
-
Microsoft Addresses Zero-Day Vulnerability in April 2023 Patch Tuesday
April 11, 2023 — Microsoft has released its April 2023 Patch Tuesday security updates, addressing a total of 97 Common Vulnerabilities and Exposures (CVEs), including a high-severity zero-day vulnerability and a critical remote code execution vulnerability in Windows Pragmatic General Multicast (PGM). The zero-day vulnerability addressed by this patch, identified as CVE-2023-28252, is an elevation of…
-
Critical Exploitation Path Uncovered in Microsoft Azure Shared Key Authorization by Orca Security Researchers
Researchers at Orca Security have uncovered a critical exploitation path involving Microsoft Azure Shared Key authorization, which could lead to subscription privilege escalation and remote code execution (RCE). In a blog post published on April 11, 2023, Orca Security detailed their discovery and the potential impact it may have on organizations utilizing Microsoft Azure’s cloud…
-
Alarming Number of Organizations Cover Up Data Breaches, Study Reveals
A new study by cybersecurity vendor Bitdefender has revealed a concerning trend of organizations deliberately covering up data breaches, with nearly a third of respondents admitting to keeping breaches confidential instead of reporting them. The research, released by Bitdefender, surveyed over 400 IT and security professionals employed in companies with 1,000 or more employees. The…
-
Cisco Patches Critical Command Injection Vulnerabilities in Key Network Products
On April 5, 2023, Cisco issued an urgent security advisory to address multiple command injection vulnerabilities identified in several of its key products: the Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure. These vulnerabilities could be exploited by an authenticated, local attacker to bypass the restricted shell and…
-
Apple Issues Urgent Update to Fix Actively Exploited iOS Zero-Days
Cupertino, California – Apple has urgently released a major security update to address two zero-day vulnerabilities that were already being exploited in the wild. The company announced the rollout of the iOS 16.4.1 and iPadOS 16.4.1 updates, which include fixes for software flaws that could have exposed iPhone and iPad users to arbitrary code execution…
-
Microsoft and Cybersecurity Partners Take Action to Disrupt Malware Distribution
Microsoft’s Digital Crimes Unit (DCU) has teamed up with cybersecurity software company Fortra™ and Health Information Sharing and Analysis Center (Health-ISAC) to take technical and legal action against cybercriminals who have been using cracked, legacy copies of Cobalt Strike and abused Microsoft software to distribute malware, including ransomware. This joint effort marks a change in…
-
Data Breach Settlement Reached with NuLife Med LLC
Philadelphia, PA – A settlement has been reached in a class action lawsuit against NuLife Med LLC regarding the safeguarding of personally identifiable and financial information (PII) and protected health information (PHI) of Plaintiff and the Class Members. The lawsuit alleged that NuLife Med LLC failed to properly secure and safeguard this information, including medical…








