
Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation
Jun 08, 2023Ravie LakshmananEndpoint Security / Zero-Day Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336,...

Burp Suite 2023.6 Released – What’s New!
PortSwigger released a brand-new version of Burp Suite 2023.6 that is intended for both Professional and Community users. BChecks, a new type of custom scan check, are introduced in this release. Additionally, it includes GraphQL scan checks, enhancements to Burp...

How to Create an Accessible Website and Why It Matters
Have you ever tried to access a website only to find that it’s difficult or impossible to navigate? This is a frustrating experience that many people with disabilities face on a daily basis. As a website owner, it’s important to...

Seven Essential Components Of A Top-Tier Attack Surface Management Program
1. Discover and Import Maintaining an up-to-date inventory of all your internet-facing assets is crucial for effective risk management. HackerOne automates continuous attack surface discovery, mapping your organization’s external perimeter using your brand name. This approach uncovers previously unknown...

Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids’ Data on Xbox
Jun 07, 2023Ravie LakshmananPrivacy / Technology Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use...

High-profile malware and targeted attacks in Q1 2023
Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff, a financially motivated threat actor known for stealing cryptocurrency. The threat actor typically exploits Word documents, using shortcut files for...

More Than 60,000 Android Apps Contain Adware That Has Remained Undetected For Six Months
Posted on June 7, 2023 at 6:33 AM More than 60,000 Android apps that have been disguised as legitimate applications have been installed adware on mobile devices. These apps have been running undetected over the past six months, and their...

Google Chrome Zero-Day Vulnerability Exploited Widely – Urgent Update
Google has recently taken prompt security measures by releasing a security update for its Chrome web browser, aiming to fix the third zero-day vulnerability of this year that hackers have exploited. The third Chrome zero-day vulnerability that was fixed recently...

New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency
Jun 06, 2023Ravie LakshmananCryptocurrency / Cyber Threat A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers. “The main purpose of...

Hackers Leak i2VPN Admin Credentials on Telegram
With over 500,000 downloads from the Google Play Store alone, i2VPN boasts a significant user base. In a recent cybersecurity incident, hackers have claimed to have successfully breached the admin credentials of i2VPN, a popular freemium VPN proxy server app...

Google Drive Flaw Allows Hackers To Exfiltrate Data Within Google Workspace
Posted on June 6, 2023 at 8:05 AM A recent report by cybersecurity researchers has conducted an intensive investigation into the techniques used to exfiltrate data within Google Workspace. Google Drive is among the most-used cloud-based storage platforms, and it...

Atomic Wallet Hit by $35M Theft in Recent Crypto Breach
Reports from affected users indicate that some lost their crypto assets after a recent software update, while others suffered losses despite not having updated to the latest version. In a recent incident that has sent shockwaves through the crypto community,...