Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins
Invisible authentication mechanisms in Microsoft allow any attacker to escalate from privileged to super-duper privileged in cloud environments, paving the…
Monitoring Changes in KEV List Can Guide Security Teams
The number of additions to the Known Exploited Vulnerabilities catalog is growing quickly, but even silent changes to already-documented flaws…
CrowdStrike Will Give Customers Control Over Falcon Sensor Updates
The security vendor has also implemented several changes to protect against the kind of snafu that crashed 8.5 million Windows…
Knostic Wins 2024 Black Hat Startup Spotlight Competition
During a “Shark Tank”-like final, each startup’s representative spent five minutes detailing their company and product, with an additional five…
Cybercrime Rapper Sues Bank over Fraud Investigation
A partial selfie posted by Puchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device,…
Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy
Microsoft claims 50,000 organizations are using its new Copilot Creation tool, but researcher Michael Bargury demonstrated at Black Hat USA…
Chameleon Banking Trojan Makes a Comeback Cloaked as CRM App
The evolving malware is targeting hospitality and other B2C workers in Canada and Europe with capabilities that can evade Android…
Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords
Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious…
New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers
Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate…
The API Security Crisis: Why Your Company Could Be Next
You’re only as strong as your weakest security link. You’re only as strong as your weakest security link. Read More
