The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below – CVE-2024-20767 (CVSS score: 7.4) – Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to […]
Cyber News
Trump Team Eyes Tougher Cyber Tactics Waltz: Hackers “Must Feel Consequences” as 2025 Looms On Sunday, Representative Mike Waltz—President-elect Donald Trump’s incoming pick for national security adviser—signaled a major shift in U.S. cyber policy. Two days after his appearance on CBS’s Face the Nation, the message still reverberates through Washington: No more hunkering down. No […]
Cyber Thoughts
Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. “Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over […]
Cyber News
Graham CLULEY December 16, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial Rydox, an online marketplace used by cybercriminals to sell hacked personal information and tools to commit fraud, has been seized in an international law enforcement operation and its suspected administrators arrested. Rydox has been operating since early 2016, […]
Cyber News
A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. “NoviSpy allows for capturing sensitive personal data from a target’s phone after infection and provides the ability to turn on the phone’s microphone or […]
Cyber News
This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there’s a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small. […]
Cyber News
Starting next year: Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time […]
Cyber News
With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we’ll explore the concept of CI/CD pipeline governance and why it’s vital, […]
Cyber News
Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. “The main goal of the fraudsters is to lead victims to phishing websites and forms that […]
Cyber News