Month: June 2024

Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized the use of its name or logo on the Polyfill.io website, which has recently been caught injecting malware on more than 100,000 websites in a significant supply chain attack. Further, to keep the internet safe,…

Read More

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection in the “ask” function that could be exploited to trick the library into executing…

Read More

Jun 27, 2024NewsroomCyber Crime / Cyber Warfare A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia’s full-blown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in question, is assessed to…

Read More

Four alleged members of the FIN9 cybercrime gang have been charged in relation to a series of hacks that caused over US $71 million of losses for companies across the United States. The defendants, all Vietnamese nationals, are accused of launching a series of sophisticated phishing and supply-chain attacks to gain unauthorised access to company…

Read More

Jun 27, 2024NewsroomVulnerability / Enterprise Security A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been…

Read More

Able to spot unwelcome changes to files or detect tell-tale patterns (Social Security numbers, administrative credentials, and so on) in unwelcome places (like outgoing email attachments), Yara is a powerful tool with a seemingly endless number of uses. There are limits to signature-based detection, so it would be a bad idea to rely on Yara…

Read More

Business Security Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies 26 Jun 2024  •  , 5 min. read Offsetting business risk with insurance is not new. Early mariners transporting their goods around the world hundreds of years ago faced significant risk…

Read More

Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft. A joint report from SentinelLabs and Recorded Future analysts presents the case of ChamelGang, a suspected Chinese advanced persistent threat (APT) that has been using the…

Read More

Wikileaks’s Julian Assange is a free man, deepfakes cause trouble in the playground, and we hear hot takes about ransomware and tales from inside a devastating denial-of-service attack. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this…

Read More

Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cybersecurity and this bi-weekly publication is your gateway to the latest news. In a week packed with cybersecurity incidents, threat actors have…

Read More