CISA and US and International Partners Publish Guidance for OT Owners and Operators
Post Content
FTC Orders GoDaddy to Fix Inadequate Security Practices
The FTC claims that the Web hosting company’s security failures led to several major breaches in the past few years.
Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign
The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims’ WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection. “Star Blizzard’s targets are most commonly related to government or diplomacy (both incumbent and former position holders), defense policy or…
Rsync File Synchronization Tool Vulnerabilities
What are the Vulnerabilities?Six security vulnerabilities have been disclosed in the popular Rsync tool, an open-source file synchronization and data transferring tool utilized for its ability to perform incremental transfers, reducing data transfer times and bandwidth usage. Several popular backup software such as Rclone, DeltaCopy, and ChronoSync use Rsync for file synchronization. The vulnerabilities are…
Attackers Hijack Google Advertiser Accounts to Spread Malware
It’s an especially brazen form of malvertising, researchers say, striking at the heart of Google’s business; the tech giant says it’s aware of the issue and is working quickly to address the problem.
CISA: Second BeyondTrust Vulnerability Added to KEV Catalog
BeyondTrust has patched all cloud instances of the vulnerability and has released patches for self-hosted versions.
Extension Poisoning Campaign Highlights Gaps in Browser Security
Evidence suggests that some of the payloads and extensions may date as far back as April 2023.
North Korea’s Lazarus APT Evolves Developer-Recruitment Attacks
“Operation 99” uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Cybersecurity researchers have alerted to a new malvertising campaign that’s targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. “The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages,” Jérôme Segura, senior…