In a significant cybersecurity revelation, a zero-day vulnerability in the Telegram messaging app for Android, dubbed ‘EvilVideo,’ has been uncovered, allowing attackers to send… Read More
Cyber Security News Blog
Cyber security blog and news
In a startling turn of events, a global technology outage triggered by a defective software update from CrowdStrike has led to widespread chaos across various sectors worldwide. The incident… Read More
The Blast-RADIUS vulnerability represents a critical flaw in the RADIUS (Remote Authentication Dial-In User Service) protocol, which has been a cornerstone of network security for over three… Read More
Nowadays, cyber threats are advancing more rapidly than ever in history. They pose big risks to organizations worldwide. SOCs are the answer to that. They do this by monitoring, detecting, a… Read More
A new critical vulnerability, identified as CVE-2024-6387, has been discovered in OpenSSH. This flaw involves a signal handler race condition that can potentially be exploited by attackers t… Read More
Elastic Security Labs has uncovered a novel technique, GrimResource, that leverages specially crafted Microsoft Management Console (MMC) files for initial access and evasion, posing a signif… Read More
Microsoft Outlook is a widely used email client that relies on PST (Personal Storage Table) files to store emails, contacts, calendar entries, and other data. However, these PST files can be… Read More
A significant security vulnerability has been discovered by Tenable Research that affects Azure customers relying on Service Tags for their firewall rules. This vulnerability allows attacker… Read More
In the rapidly evolving landscape of cybersecurity, sophisticated attacks continue to challenge even the most prepared organizations. A recent cyber intrusion targeting MITRE’s Network… Read More
The Principle of Least Privilege (PoLP) is a foundational concept in cybersecurity, aimed at minimizing the risk of security breaches. By granting users and applications the minimum levels o… Read More
A significant security flaw, identified as CVE-2023-49606, has been reported by Cisco Talos in the widely used Tinyproxy software. This vulnerability, stemming from improper handling of HTTP… Read More
The cybersecurity community has recently been abuzz with discussions surrounding CVE-2024-3400, a critical vulnerability affecting Palo Alto Networks’ PAN-OS, used in their popular fir… Read More
Security is very important in software systems in this digital era. Today, data breaches and cyber attacks are not merely possible; they are bound to occur if someone does not take precaut… Read More
In a recent study conducted by SafeBreach Labs, a security research team has uncovered a trio of vulnerabilities stemming from a longstanding issue within the DOS-to-NT path conversion proce… Read More
CVE-2024-31497 has emerged as a critical security flaw affecting PuTTY, a widely used SSH and Telnet client, from versions 0.68 through 0.80, all of which are now confirmed to have a serious… Read More
In the evolving landscape of container orchestration, Kubernetes has emerged as the de facto standard due to its flexibility, scalability, and robust community support. However, as with any… Read More
In a recent disclosure, cybersecurity firm Bitdefender has revealed a series of critical vulnerabilities within LG’s WebOS, the operating system used in many of the brand’s smart… Read More
Security analysis of web applications is, first of all, a search and investigation of cases of incorrect functioning of program code and vulnerabilities. Those who choose a penetration teste… Read More
In an unsettling development that emerged late last week, the open-source community was thrust into a state of high alert following the disclosure that XZ Utils, a fundamental compression ut… Read More
On an unexpected Tuesday, the collision of a container ship with the Francis Scott Key Bridge in Baltimore not only disrupted the normal flow of traffic and commerce but also sparked a vigor… Read More
The Checkmarx Research team has unearthed a sophisticated attack campaign that leveraged fake Python infrastructure to target the software supply chain, affecting over 170,000 users, includi… Read More
In the evolving landscape of cybersecurity threats, a new class of Distributed Denial of Service (DDoS) attacks has emerged, exploiting the intricate dance between network services. This phe… Read More
Continuous Threat Exposure Management (CTEM) is an evolving cybersecurity practice focused on identifying, assessing, prioritizing, and addressing security weaknesses and vulnerabilities in… Read More
In recent developments, cybersecurity experts have raised alarms over a high-severity vulnerability identified in Kubernetes, marked as CVE-2023-5528. This critical flaw has the potential to… Read More
In a significant cybersecurity incident, Russian state-backed hackers gained access to some of Microsoft’s core software systems. This breach, first disclosed in January, marks a criti… Read More
In a significant development that could reshape the cybersecurity landscape of industrial control systems (ICS), a team of researchers from the Georgia Institute of Technology has unveiled a… Read More
In the interconnected world of modern software development, Application Programming Interfaces (APIs) play a pivotal role in enabling systems to communicate and exchange data. As the linchpi… Read More
In a recent unsettling development, American Express has confirmed that sensitive information related to its credit cards has been compromised due to a data breach at a third-party service p… Read More
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners, has… Read More
In a recent security update, AnyDesk, a renowned remote desktop software provider, disclosed a security breach affecting its production systems. The company swiftly initiated a thorough secu… Read More
In the dynamic world of digital transactions, where convenience meets technology, there exists a silent adversary – online payment fraud. This digital menace poses a significant th… Read More
The recent discovery of a significant flaw in the GNU C Library (glibc), a fundamental component of major Linux distributions, has raised serious security concerns. This flaw grants attacker… Read More
Introduction: The Transformative Power of White Label SEO
The digital marketing landscape is ever-evolving, and in this dynamic environment, white label SEO services have emerged as a gam… Read More
Recent news about a critical vulnerability in Jenkins, identified as CVE-2024-23897, has raised significant concerns in the cybersecurity community. This vulnerability has been highlighted d… Read More
Varonis Threat Labs has uncovered a significant vulnerability in Microsoft Outlook (CVE-2023-35636) that allows attackers to access NTLM v2 hashed passwords. This discovery also includes vul… Read More
The cybersecurity field continuously generates new terms and concepts as it evolves with time. It also repurposes words to describe new concepts. There’s a never-ending flow of jargon… Read More
Artificial Intelligence (AI) has arisen as a wildly disruptive technology across many industries. As AI models continue to improve, more industries are sure to be disrupted and affected. One… Read More
Trend Micro’s recent threat hunting efforts have uncovered active exploitation of CVE-2023-36025, a vulnerability in Microsoft Windows Defender SmartScreen, by a new strain of malware… Read More
Stepping into 2024, Open XDR innovator Stellar Cyber is reflecting on 2023.
Stellar Cyber’s CEO and Co-Founder, Changming Liu, writes:
“Going into 2023, we had four clear o… Read More
Recently, there has been an emergence of a new scam targeting victims of ransomware attacks. This scam involves individuals or groups posing as “security researchers” or “e… Read More
In the rapidly evolving landscape of artificial intelligence, generative AI systems have become a cornerstone of innovation, driving advancements in fields ranging from language processing t… Read More
In 2023, we’ve made an immense contribution to cybersecurity. Artificial Intelligence is an excellent tool for managing security and protecting systems, but it can do considerable dama… Read More
It’s a tough world out there – and businesses know it better than anyone. While it takes only a few steps to launch a venture, ensuring it lasts is the real challenge. Companies… Read More
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a dual privilege escalation chain in Google Kubernetes Engine (GKE). This vulnerability, stemming from specific configur… Read More
SMTP stands for Simple Mail Transfer Protocol. It’s a protocol used for sending emails across the Internet. SMTP operates on a push model, where the sending server pushes the email to… Read More
CVE-2023-35628 is a critical remote code execution (RCE) vulnerability affecting the Microsoft Windows MSHTML platform, with a Common Vulnerability Scoring System (CVSS) score of 8.1, indica… Read More
Recent cybersecurity research has unveiled a critical vulnerability impacting over 1,450 pfSense servers, exposing them to potential remote code execution (RCE) attacks. This vulnerability a… Read More
In the ever-evolving landscape of cybersecurity, researchers are continually uncovering new methods that challenge existing defense mechanisms. A recent study by SafeBreach, a leader in cybe… Read More
The research “Sierra:21 – Living on the Edge” presents an analysis of vulnerabilities found in Sierra Wireless AirLink cellular routers, which are widely used in OT/IoT (Operation… Read More
In the ever-evolving landscape of cybersecurity, a new threat has emerged, casting a long shadow over the integrity of computer systems worldwide. Dubbed ‘LogoFAIL,’ this set of… Read More
Cybersecurity is the industry of the future.
If we only consider the financial damage of security incidents, the data shows that the cost of cybercrime is expected to double by 2027.
I… Read More
In this review, we will be taking a live scenario where an Exchange Server is infected by a ransomware. We will see how to rebuild the Exchange Server after the ransomware attack and how to… Read More
In a striking revelation shaking the cybersecurity world, researchers have unearthed a sophisticated web shell, dubbed ‘HrServ,’ hidden within a seemingly innocuous DLL file,… Read More
Cyber criminals have utilized cryptocurrency exchanges like Binance for money laundering due to the pseudonymous nature of digital currencies. Here’s a general overview of how they mig… Read More
In a startling revelation, Bitdefender, a leading cybersecurity firm, has disclosed a series of sophisticated attack methods that could significantly impact users of Google Workspace and Goo… Read More
CVE-2023-36052 is a critical security vulnerability in the Azure Command-Line Interface (CLI), a tool for managing Azure resources. This vulnerability, reported by Palo Alto’s Prisma C… Read More
Nowadays, businesses are facing continuous cyber threats and several have lost valuable data to hackers. In fact, every business needs to keep its network safe to protect sensitive data. A… Read More
Living-off-the-land (LotL) techniques in cyber attacks refer to the use of legitimate, native tools already present in the target system to carry out malicious activities. This approach is p… Read More
User and Entity Behavior Analytics, commonly referred to as UEBA, is a cybersecurity concept that utilizes machine learning, algorithms, and statistical analyses to detect abnormal behavior… Read More
Kubernetes has become the de facto orchestration platform for managing containerized applications, but with its widespread adoption, the security of Kubernetes clusters has come under greate… Read More
CVE-2023-4911 is a serious security vulnerability within the GNU C Library (glibc), specifically in the dynamic loader ld.so, associated with the processing of the GLIBC_TUNABLES environment… Read More
There are many things you might need to take care of when it comes to managing a vacant property, but securing it is one of the most important responsibilities you have. But it’s not j… Read More
The Common Vulnerability Scoring System (CVSS) has been updated to version 4.0, which has been formally announced by the Forum of Incident Response and Security Teams (FIRST). This update co… Read More
According to TorHunter.com, Darknet markets are seeing a rise in activity, with sales likely to hit $10 billion in 2024. These hidden markets, operating in encrypted networks, are a g… Read More
Mobile network data might be one of our most recent and thorough dossiers. Our mobile phones are linked to these networks and expose our demographics, social circles, purchasing habits, slee… Read More
According to a recent study published by the leading cybersecurity agency in France, a hacking organisation affiliated with Russia’s military intelligence agency has been spying on Fre… Read More
Redcliffe Labs is one of the most comprehensive testing facilities in India. It provides more than 3,600 different diagnostic tests for illnesses and wellbeing. Users of the mobile applicati… Read More
The recent Okta breach has raised concerns within the cybersecurity community. On October 20, 2023, Okta, a provider of identity services like multi-factor authentication and single sign-on… Read More
BlackCat’s ransomware operators have recently introduced a new tool called “Munchkin,” enabling the propagation of BlackCat payloads to remote machines and shares within a… Read More
In a digital realm where security forms the bedrock of seamless operations, vulnerabilities act as ticking time bombs, waiting for exploitation. One such critical vulnerability, dubbed CVE-2… Read More
Cisco IOS XE is a robust and flexible operating system, optimized for the evolving landscape of enterprise networking and technology. It enables model-driven programmability, application hos… Read More
Comprehensive Analysis: ToddyCat’s Advanced Toolset and Stealthy Cyber Espionage Tactics
ToddyCat, an Advanced Persistent Threat (APT) group, has garnered attention for its clan… Read More
In-depth Analysis: Navigating the Perils of CVE-2023-5218 in Google Chrome
The digital realm, while offering boundless possibilities, is also a fertile ground for myriad cybersecurity… Read More
Cobalt Strike, a legitimate commercial penetration testing tool, has inadvertently become a favored instrument among cybercriminals for its efficacy in infiltrating network security… Read More
The Greek philosopher Heraclitus is known for asserting that “change is the only constant in life.” In regards to cryptocurrency prices, this is the case to a great degree since… Read More
Deciphering Webwyrm: An In-Depth Analysis of the Pervasive Malware Threatening Global Cybersecurity
In the intricate landscape of global cybersecurity, Webwyrm malware has surfaced as… Read More
Cyberattack on MGM Resorts: A Financial Debacle
MGM Resorts encountered a devastating cyberattack recently, incurring an approximate financial setback of $100 million. Unveiled on Sep… Read More
The team at Qualys Threat Research Unit has unveiled a fresh vulnerability within the Linux operating system, allowing local attackers to escalate their access level to root privileges. This… Read More
Qualcomm recently issued warnings about three zero-day vulnerabilities within its GPU and Compute DSP drivers that are currently being exploited by hackers. These warnings were initiated bas… Read More
In Frost & Sullivan’s “Frost Radar: Extended Detection and Response 2023” report, the business consulting and market research firm lists Stellar Cyber as an innovator i… Read More
Threat actors have begun utilizing an innovative approach to zero-point font obfuscation, a pre-existing technique, in an attempt to deceive users of Microsoft Outlook. They do so by creatin… Read More
A notorious threat actor with presumed ties to the Chinese government, known as “BlackTech”, has reportedly been exploiting Cisco routers to infiltrate major corporations in the… Read More
Google has designated a brand new CVE number for a major security vulnerability that has been discovered in the libwebp image library, which is used for displaying pictures in the WebP forma… Read More
The notorious ransomware organization known as RANSOMEDVC made the brazen claim that they had succeeded in breaching the defenses of the Japanese multinational conglomerate behemoth Sony or… Read More
As part of an ongoing cyber espionage effort, the Iranian nation-state hacking group known as OilRig has continued to target government entities in the Middle East. This cyber espionage camp… Read More
In cybersecurity, one particular malware seems to draw attention more than others: ransomware. Over the years, ransomware attacks have become increasingly sophisticated by employing advanced… Read More
TeamsPhisher is a Python 3 tool that was designed to make it easier for phishing messages and attachments to be sent to users of Microsoft Teams whose companies or organizations permit co… Read More
Within the expansive domain of collaboration tools, Atlassian’s Bitbucket and Confluence emerge as prominent figures, bestowing their enabling capabilities onto many developers and tea… Read More
Recent events have shown that the artificial intelligence (AI) research branch of Microsoft was the victim of a serious data disclosure breach. An incorrect configuration of an Azure storage… Read More
In today’s hyper-connected digital universe, safeguarding data has become an indispensable priority for organizations worldwide. Your data is your most valuable asset, and protecting i… Read More
According to the findings of Akamai’s security experts, a high-severity vulnerability in Kubernetes may be exploited to accomplish remote code execution (RCE) on any Windows endpoints… Read More
An intruder might utilize a security hole in the Android App Pin feature to make illegal purchases using Google Wallet if they are determined enough to do so. Because of the vulnerability, a… Read More
A webmail service known for its emphasis on users’ privacy, Proton Mail, has serious code flaws that were discovered by a group of researchers. These vulnerabilities might have put the… Read More
MITRE and the US Cybersecurity and Infrastructure Security Agency (CISA) have collaborated to develop a new open source tool that simulates cyber-attacks on operational technology (OT). The… Read More
A new sextortion scam is doing the rounds that impersonates an email from the pornographic website YouPorn and warns that a sexually explicit video of the victim has been published to the we… Read More
Several telescopes are still down weeks after a cybersecurity attack was discovered by US National Science Foundation (NSF) researchers. There is presently no information available on w… Read More
A kind of attack known as prompt injection is directed against LLMs, which are the language models that are the driving force behind chatbots such as ChatGPT. It is the process by which an a… Read More
After the American fashion outlet announced that it had experienced a data breach at some of its locations, the clothing company Forever 21 is advising consumers to keep a careful look on th… Read More
Juniper Networks, a company that manufactures widely used networking equipment as well as security solutions, has issued a warning about vulnerabilities that are present in the operating sys… Read More