Hacks
Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws
Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being exploited in the wild. The bug (CVE-2022-34713) is tied to
Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs
The U.S. government has slapped sanctions on virtual currency mixer Tornado Cash for laundering more than $7 billion in crypto cash derived from cybercriminal activity.
Phishers Swim Around 2FA in Coinbase Account Heists
Threat actors are making their way around two-factor authentication (2FA) and using other clever evasion tactics in a recently observed phishing campaign aimed at taking
Open Redirect Flaw Snags Amex, Snapchat User Data
Attackers are exploiting a well-known open redirect flaw to phish people’s credentials and personally identifiable information (PII) using American Express and Snapchat domains, researchers have
VMWare Urges Users to Patch Critical Authentication Bypass Bug
VMware and experts alike are urging users to patch multiple products affected by a critical authentication bypass vulnerability that can allow an attacker to gain
Universities Put Email Users at Cyber Risk
Top U.S. universities are among the worst in the world at protecting users from email fraud, lacking security measures to prevent common threat tactics such
Securing Your Move to the Hybrid Cloud
Infosec Insider contributor Rani Osnat is SVP Strategy at Aqua Security The combination of private and public cloud infrastructure, which most organizations are already using,
Malicious Npm Packages Tapped Again to Target Discord Users
Threat actors once again are using the node package manager (npm) repository to hide malware that can steal Discord tokens to monitor user sessions and
Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office
Threat actors are finding their way around Microsoft’s default blocking of macros in its Office suite, using alternative files to host malicious payloads now that
Messaging Apps Tapped as Platform for Cybercriminal Activity
Cybercriminals are tapping the built-in services of popular messaging apps like Telegram and Discord as ready-made platforms to help them perform their nefarious activity in