Security News

Filter by:

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner.
The Hacker News 26 Jul 2024 122 Views

Docker fixes critical 5-year old authentication bypass flaw

Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. [...]
Bleepingcomputer 25 Jul 2024 228 Views

Google Chrome now warns about risky password-protected archives

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. [...]
Bleepingcomputer 25 Jul 2024 230 Views

North Korean hacker got hired by US security vendor, immediately loaded malware

KnowBe4, which provides security awareness training, was fooled by stolen ID.
Ars Technica 25 Jul 2024 860 Views

BreachForums v1 database leak is an OPSEC test for hackers

The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages, cryptocurrency addresses, and every post on the forum. [...]
Bleepingcomputer 24 Jul 2024 222 Views

CrowdStrike: 'Content Validator' bug let faulty update pass checks

CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. [...]
Bleepingcomputer 24 Jul 2024 234 Views

Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication

Accenture researcher undercut WHfB's default authentication using open source Evilginx adversary-in-the-middle (AitM) reverse-proxy attack framework.
Dark Reading 24 Jul 2024 288 Views

Likely eCrime Actor Uses Filenames Capitalizing on July 19, 2024, Falcon Sensor Content Issues in Operation Targeting LATAM-Based CrowdStrike Customers

On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon® sensor impacting Windows operating systems was identified, and a fix was deployed. [...]
CrowdStrike 24 Jul 2024 342 Views

Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure

On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365[.]com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Microsoft Installer (MSI) loader. The loader ultimately executes Lumma Stealer packed with CypherIt...
CrowdStrike 24 Jul 2024 208 Views

Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure

On July 23, 2024, CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. [...]
CrowdStrike 24 Jul 2024 317 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY