Author: nlqip
Biometric authentication, often seen as a secure alternative to traditional password-based authentication, poses significant risks. Stored as digital data, biometrics face vulnerabilities such as theft, manipulation, and public exposure. Unlike passwords, biometrics can’t be easily changed, making stolen data perpetually dangerous. In a corporate setting, the adoption of employee biometrics can jeopardize personal data security…
Read Moreaio-libs — aiosmtpd aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced…
Read More
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it’s likely associated with the North Korean state-sponsored group tracked as Kimsuky. “The malware payloads used in the DEEP#GOSU represent a sophisticated, multi-stage threat designed…
Read MoreSoftware producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA’s Repository for Software Attestation and Artifacts. Software producers that provide the government software can fill out the form to attest to implementation of specific security practices. CISA and the Office of Management and Budget (OMB) released…
Read More
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Virtual reality (VR) offers profound benefits across industries, particularly in education and training, thanks to its immersive nature. Through derivatives, such as 3D…
Read More
Mar 18, 2024NewsroomVulnerability / Threat Mitigation Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. “A directory traversal…
Read More
Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after it discovering malware on its computer systems. The firm at the center of the British Post Office scandal, said in a Japanese press release that it had discovered the presence of malware on its computers, the potential theft of customer…
Read More
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. “It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website,” Netskope Threat…
Read More
Multiple GitHub repositories posing as cracked software codes were found attempting to drop the RisePro info-stealer onto victim systems. The campaign delivers a new variant of the RisePro info-stealing malware designed to crash malware analysis tools like IDA and ResourceHacker. G Data CyberDefense, the German cybersecurity company that made the discovery, reported that it had…
Read MoreDrones and the US Air Force Fascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning to buy 1,763 of the aircraft, which…
Read More