OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks
Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth…
Security
Surveillance by the US Postal Service
This is not about mass surveillance of mail, this is about sorts of targeted surveillance the US Postal Inspection Service…
How to Generate CSR for Apache with OpenSSL?
To enable safe and encrypted connection between your Apache server and users, you must first generate a CSR (Certificate Signing…
Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks
Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. Sophos…
December 2023 Microsoft Patch Tuesday fixed 4 critical flaws
Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products, including a zero-day. Microsoft Patch Tuesday…
Ukrainian military intelligence service hacked the Russian Federal Taxation Service
The Ukrainian government’s military intelligence service announced the hack of the Russian Federal Taxation Service (FNS). Hackers of the Main…
Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack
Kyivstar, the largest Ukraine service provider, was hit by a cyber attack that paralyzed its services. The attack is linked…
Dubai’s largest taxi app exposes 220K+ users
The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the…
Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware
North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked…
Black Hat Europe 2023: Should we regulate AI?
ChatGPT would probably say “Definitely not!”, but will we learn any lessons from the rush to regulate IoT in the…