CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog,…
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers
A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to…
Russia Adjusts Cyber Strategy for the Long Haul in War With Ukraine
Russia has cast aside its focus on civilian infrastructures and is instead targeting Ukraine’s military operations in myriad ways. Russia…
Goodbye? Attackers Can Bypass ‘Windows Hello’ Strong Authentication
Accenture researcher undercut WHfB’s default authentication using open source Evilginx adversary-in-the-middle (AitM) reverse-proxy attack framework. Accenture researcher undercut WHfB’s default…
China’s ‘Evasive Panda’ APT Spies on Taiwan Targets Across Platforms
The cohort’s variety of individual tools covers just about any operating system it could possibly wish to attack. The cohort’s…
Phish-Friendly Domain Registry “.top” Put on Notice
The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to…
Sprawling CrowdStrike Incident Mitigation Showcases Resilience Gaps
A painful recovery from arguably one of the worst IT outages ever continues, and the focus is shifting to what…
Attackers Exploit ‘EvilVideo’ Telegram Zero-Day to Hide Malware
An exploit sold on an underground forum requires user action to download an unspecified malicious payload. An exploit sold on…