Cybersecurity
Category Added in a WPeMatico Campaign
The exposed API tokens had write permissions, allowing attackers to modify files in account repositories and potentially manipulate existing models, posing a significant threat to organizations and their applications.
DePauw University warned students this week that their personal information may have been accessed by hackers who attacked the school. The school newspaper reported that on November 27, current and prospective students were sent letters notifying them of a data leak and providing them with one year of free identity protection services. The liberal arts […]
Summary A new P2Pinfect variant compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture has been discovered This demonstrates increased targeting of routers, Internet of Things (IoT) and other embedded devices by those behind P2Pinfect The new sample includes updated evasion mechanisms, making it more difficult for researchers to dynamically analyse These include Virtual […]
Dec 04, 2023NewsroomEncryption / Technology New research has unearthed multiple novel attacks that break Bluetooth Classic’s forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle (AitM) scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2 through 5.4. They are tracked under the identifier CVE-2023-24023 (CVSS score: 6.8) and […]
Fortune-telling website WeMystic exposes 13M+ user records Pierluigi Paganini December 02, 2023 WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data about the platforms’ users. Telling the future is a tricky business, and failure to foretell your own mishaps doesn’t help. The content platform WeMystic […]
As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn’t have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk […]
With the proliferation of SaaS applications, remote work and shadow IT, organizations feel obliged to embrace cloud-based cybersecurity. And rightly so, because the corporate resources, traffic, and threats are no longer confined within the office premises. Cloud-based security initiatives, such as Secure Access Service Edge (SASE) and Security Service Edge (SSE), comprising Secure Web Gateway […]
Dec 04, 2023NewsroomMalware / Botnet Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that’s capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is compiled for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, broadening its capabilities and reach. “It’s highly likely that by targeting MIPS, […]
The proxy trojan connects to a command and control server via DNS-over-HTTPS and supports creating TCP or UDP connections, indicating a sophisticated and wide-ranging campaign targeting multiple systems.