Blog
Alleged Airbnb Data Breach Allegedly Exposes 1.2 Million User Records
This breach raises concerns about the security and privacy of Airbnb's user base, as the stolen data can be used for malicious purposes such as identity theft and phishing.
Alleged Airbnb Data Breach Allegedly Exposes 1.2 Million User Records
This breach raises concerns about the security and privacy of Airbnb's user base, as the stolen data can be used for malicious purposes such as identity theft and phishing.
VMware Releases Patch for Critical vCenter Server RCE Vulnerability
VMware has released security updates to address a critical vulnerability in their vCenter Server software. The flaw, known as CVE-2023-34048, allows for remote code execution and is of critical severity (CVSS score: 9.8).
Kazakhstan-Associated Yorotrooper Disguises Origin of Attacks as Azerbaijan
The threat actor attempts to disguise their origin by hosting infrastructure in Azerbaijan and using the Azerbaijani language in their operations, despite not being fluent in Azerbaijani.
Winter Vivern Exploits Zero-Day Vulnerability in Roundcube Webmail Servers
The vulnerability, assigned CVE-2023-5631, allowed attackers to execute arbitrary JavaScript code in the context of a Roundcube user's browser window through a specially crafted email.
CISA Working on Updated National Cyber Incident Response Plan
The updated plan will involve collaboration with industry stakeholders, government agencies, and critical infrastructure organizations, recognizing the private sector's role as the first responder to many cyber incidents.
Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms
Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in Booking[.]com and Expo. The weaknesses, now addressed by...
Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software
The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in...
Cybercriminals Run Malicious Ads via Facebook
Criminals are hijacking business accounts on Facebook and running their own advertising campaigns, causing financial damage and reputational harm to legitimate account holders.
The Rise of S3 Ransomware: How to Identify and Combat It
In today's digital landscape, around 60% of corporate data now resides in the cloud, with Amazon S3 standing as the backbone of data storage for many major corporations. Despite S3 being a secure service from a reputable provider, its pivotal role in handling vast...
FREE GUIDE