Attackers need to be in an adversary-in-the-middle position to intercept and modify the handshake exchange, making network compromise a key factor in executing the Terrapin attack.
The attackers infect victims’ devices and then inject a script into the victim’s browser to modify webpage content. This new approach makes the attacks stealthier and harder to detect.
Legacy vulnerabilities and Remote Desktop Protocol (RDP) endpoints are being singled out by attackers, according to new data based on billions of recorded cyber-attacks in 2023. Honeypot sensors set up in the UK by insurer Coalition have recorded 5.8 billion attacks so far in 2023, which works out to roughly 17 million each day. Three-quarters […]
The breach occurred after attackers exploited a critical vulnerability, known as Citrix Bleed, that had been actively exploited as a zero-day since August 2023. The company has asked users to reset their passwords.
Attackers target user accounts without robust authentication measures, creating new OAuth apps with high privileges to ensure continued access and hide their malicious activities.
Attackers have used hundreds of fake profiles on LinkedIn — many very convincing — to target professionals at companies in Saudi Arabia, not only for financial fraud, but to convince employees in specific roles to provide sensitive corporate information. In a presentation at the Black Hat Middle East and Africa conference last month, researchers said […]
The vulnerability, tracked as CVE-2023-6553, can be exploited by unauthenticated attackers without user interaction. Although a patch has been released, almost 50,000 WordPress websites remain vulnerable to this critical security flaw.
This vulnerability could allow attackers to run arbitrary PHP code on a target website. The vulnerability is a Property Oriented Programming (POP) chain that requires an attacker to control all the properties of a deserialized object.
A Bluetooth authentication bypass vulnerability, tracked as CVE-2023-45866, allows attackers to connect to Apple, Android, and Linux devices and inject keystrokes to run arbitrary commands.