Port shadow: Yet another VPN weakness ripe for exploit – CSO Online
A new flaw in virtual private networks (VPNs) was reported last week at a security conference. The flaw, discovered by a collection of academic and industry researchers, has to do…
Cyber
CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed…
ICS malware FrostyGoop disrupted heating in Ukraine, remains threat to OT worldwide – CSO Online
Security researchers warn about a new malware threat designed to interact with industrial control systems (ICS) over the Modbus protocol. The malicious program was used in January in a cyberattack…
Russia Adjusts Cyber Strategy for the Long Haul in War With Ukraine – Dark Reading
Russia has cast aside its focus on civilian infrastructures and is instead targeting Ukraine’s military operations in myriad ways. – Read More
Phish-Friendly Domain Registry “.top” Put on Notice – Krebs on Security
The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing…
China’s ‘Evasive Panda’ APT Spies on Taiwan Targets Across Platforms – Dark Reading
The cohort’s variety of individual tools covers just about any operating system it could possibly wish to attack. – Read More
Goodbye? Attackers Can Bypass ‘Windows Hello’ Strong Authentication – Dark Reading
Accenture researcher undercut WHfB’s default authentication using open source Evilginx adversary-in-the-middle (AitM) reverse-proxy attack framework. – Read More
CrowdStrike failure: What you need to know – CSO Online
Cybersecurity vendor CrowdStrike initiated a series of computer system outages across the world on Friday, July 19, disrupting nearly every industry and sowing chaos at airports, financial institutions, and healthcare…
Sprawling CrowdStrike Incident Mitigation Showcases Resilience Gaps – Dark Reading
A painful recovery from arguably one of the worst IT outages ever continues, and the focus is shifting to what can be done to prevent something similar from happening again.…
Attackers Exploit ‘EvilVideo’ Telegram Zero-Day to Hide Malware – Dark Reading
An exploit sold on an underground forum requires user action to download an unspecified malicious payload. – Read More
Wanted: A SBOM Standard to Rule Them All – Dark Reading
A unified standard is essential for realizing the full potential of SBOMs in enhancing software supply chain security. – Read More
Shocked, Devastated, Stuck: Cybersecurity Pros Open Up About Their Layoffs – Dark Reading
Here’s a dose of reality from those on the frontlines and how they’re coping. – Read More
Chinese Hackers Target Taiwan and US NGO with MgBot Malware – The Hacker News
Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools.…
Google abandons plans to drop third-party cookies in Chrome – CSO Online
As a major update to Chrome’s new cross-site tracking protection policy, Google announced that it is no longer considering dropping support for third-party cookies. Third-party cookies, which refer to the…
New ICS Malware ‘FrostyGoop’ Targeting Critical Infrastructure – The Hacker News
Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the…