“I have given extensive consideration to the question of whether the OAIC should invest further resources in scrutinizing the actions of Clearview AI, a company that has already been investigated by the OAIC and which has found itself the subject of regulatory investigations in at least three jurisdictions around the world as well as a…
Read MoreA critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. LiteSpeed Cache is open-source and the most popular WordPress site acceleration plugin, with over 5 million active installations and support for WooCommerce, bbPress, ClassicPress, and Yoast SEO. The unauthenticated privilege escalation vulnerability (CVE-2024-28000)…
Read MoreAug 21, 2024Ravie LakshmananCyber Espionage / Malware A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level…
Read MoreAccess Denied You don’t have permission to access “http://cybersecurity.att.com/blogs/security-essentials/cybersecurity-compliance-as-a-service-your-ticket-to-saving-money-time-and-sanity-with-cybersecurity-compliance” on this server. Reference #18.c5d7ce17.1724258600.b510715 https://errors.edgesuite.net/18.c5d7ce17.1724258600.b510715 Source link lol
Read MoreIn this blogpost we discuss an uncommon type of phishing campaign targeting mobile users and analyze a case that we observed in the wild that targeted clients of a prominent Czech bank. This technique is noteworthy because it installs a phishing application from a third-party website without the user having to allow third-party app installation.…
Read MoreAug 21, 2024Ravie LakshmananSoftware Security / Vulnerability Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft’s Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack. “An authenticated attacker can…
Read MoreReports suggest that well-known cybersecurity vendors including Tenable, eSentire and Trend Micro are seeking to be acquired. Buyers Wanted The list of major cybersecurity vendors that are reportedly pursuing an acquisition by private equity investors—or are facing pressure to do so—is continuing to grow. Following recent reports that top security vendors including Tenable and Trend…
Read MoreCISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…
Read MoreAccording to user reports following this month’s Patch Tuesday, the August 2024 Windows security updates are breaking dual boot on some Linux systems with Secure Boot enabled. This issue is caused by Microsoft’s decision to apply a Secure Boot Advanced Targeting (SBAT) update to block Linux boot loaders unpatched against the CVE-2022-2601 GRUB2 Secure Boot…
Read MorePhrack #71 has been released online and is available to read for free. This issue is the first to be released since 2021, marking a new chapter in the influential online magazine’s history. Phrack is an underground online magazine first launched in 1985 as a text file distributed through Bulletin Board Systems (BBS) and later…
Read More