Author: nlqip

Oct 21, 2024Ravie LakshmananEncryption / Data Protection Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. “The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext,”…

Read More

Several end-to-end encrypted (E2EE) cloud storage platforms are vulnerable to a set of security issues that could expose user data to malicious actors. Cryptographic analysis from ETH Zurich researchers Jonas Hofmann and Kien Tuong Turong revealed issue with Sync, pCloud, Icedrive, Seafile, and Tresorit services, collectively used by more than 22 million people. The analysis…

Read More

The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. Since last night, BleepingComputer has received numerous messages from people who received replies to their old Internet Archive removal requests, warning that the organization has been breached as they did…

Read More

Oct 20, 2024Ravie LakshmananVulnerability / Email Security Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified…

Read More

A threat actor called “IntelBroker” posted an advertisement on a dark web forum for the sale of information stolen from Cisco. The actor claimed that the data from this breach contains sensitive information such as GitHub projects, source code, credentials, certificates, access to cloud storage buckets, and more. On October 15, 2024 Cisco released a…

Read More

Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. With the collected data, Microsoft can map malicious infrastructure, gain a deeper understanding of sophisticated phishing operations, disrupt campaigns at scale, identify cybercriminals, and significantly slow down their activity. The…

Read More

It’s true: Google Scholar profile of the renowned former physicist and polymath, Sir Isaac Newton bears a “verified email” note. According to Google Scholar, Isaac Newton is a “Professor of Physics, MIT” with a “Verified email at mit.edu.” The mystery of ‘verified’ scholar Isaac Newton Earlier this week, Jay Cummings, a math professor at California State University, Sacramento, and a…

Read More

A threat actor advertised 3.4 million pieces of PII data of Pakistani government website “Benazir Income Support Program Government of Pakistan” (bisp.gov.pk). The advertisement shared in a Telegram group. It was claimed that the data included information such as full address, father’s name, mobile number, gender, as can be seen below. Like this: Like Loading… Related…

Read More

Microsoft has admitted to a significant lapse in its cloud security logging, leaving customers vulnerable to undetected intrusions for over two weeks. A bug in the company’s internal monitoring system resulted in the loss of critical security logs between September 2nd and 19th. This incident affects several key Microsoft cloud products, including Entra, Sentinel, Defender…

Read More

Access Denied You don’t have permission to access “http://cybersecurity.att.com/blogs/security-essentials/celebrating-internet-day-the-tech-trifecta-shaping-our-digital-future” on this server. Reference #18.c7d7ce17.1729332260.24e72338 https://errors.edgesuite.net/18.c7d7ce17.1729332260.24e72338 Source link lol

Read More