Cyber Security News

July 20, 2023

Cybersecurity researchers from Orca Security have uncovered a new bug in the Google Cloud Build service which could allow threat actors to gain almost full access to Google Artifact Registry code repositories. The repercussions of the flaw, the researchers are saying in their report, are quite dire. The researchers named the vulnerability Bad.Build, saying it allows ...

July 20, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a ...

July 20, 2023

The software development life cycle (SDLC) refers to the series of steps that a software project goes through, from planning all the way through operation. It’s a cycle because once code has been released, the process continues and repeats through actions like coding new features, addressing bugs, and more. Shifting left involves implementing security practices earlier ...

July 20, 2023

North Korean state-backed hackers breached U.S. enterprise software company JumpCloud to target its cryptocurrency clients, security researchers said on Thursday. JumpCloud, a directory platform that allows enterprises to authenticate, authorize and manage users and devices, said this week that a nation-state actor was behind a June breach of its systems that forced the company to reset ...

July 19, 2023

On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 CRITICAL). The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and tweets about the vulnerability and its exploitation. In this post Kaspersky researchers highlight the key points ...

July 19, 2023

In June 2023, FortiGuard Labs detected the propagation of several DDoS botnets exploiting the Zyxel vulnerability (CVE-2023-28771). This vulnerability is characterized by a command injection flaw affecting multiple firewall models that could potentially allow an unauthorized attacker to execute arbitrary code by sending a specifically crafted packet to the targeted device. The severity of this flaw, ...

July 19, 2023

Over 5 years ago, Malwarebytes researchers began tracking a new campaign that they called FakeUpdates (also known as SocGholish) that used compromised websites to trick users into running a fake browser update. Instead, victims would end up infecting their computers with the NetSupport RAT, allowing threat actors to gain remote access and deliver additional payloads. Read more… Source: ...

July 19, 2023

The list of companies hit by a cyberattack on a widely used software tool continues to expand and several victims have filed lawsuits alleging mishandling of data. The continued disclosure of new victims affected by hackers exploiting a vulnerability in MoveIt, a common file-transfer tool from Progress Software, underscores how cyberattacks can ripple through supply chains. ...

July 19, 2023

The Biden administration struck its latest blow against foreign spyware makers on Tuesday, placing two Europe-based companies on its list that restricts U.S. companies’ business dealings with them. Greece-based Intellexa and the Hungarian company Cytrox are now on the Commerce Department’s “Entity List,” alongside related entities in Ireland and Macedonia, respectively. The organizations join Israeli spyware makers ...

July 19, 2023

More than a year ago, a cyberattack knocked out the system used in Kannapolis to dispatch police and firefighters. You wouldn’t know that based on what the city told the public. Read more… Source: Yahoo! News  

July 19, 2023

Many businesses don’t know if they have suffered a data breach, and probably wouldn’t be able to spot such an event at all, due to the ever-expanding threat landscape, and notification fatigue among IT staff, new research has claimed. A report from cybersecurity experts Vectra AI surveying more than 2,000 IT security analysts found that nearly ...