The Rise of Insider Threats: A New Challenge for Cyber Security In the ever-evolving landscape of cybersecurity, a new threat has emerged – the insider threat. It’s no longer just about defending against external hackers but also about keeping a close eye on your own trusted users. Picture this: you walk into work one morning…
Apple Withdraws Lawsuit Against NSO Group Due to Shifting Risk Landscape In a surprising turn of events, Apple has decided to drop its lawsuit against the notorious commercial spyware vendor NSO Group. The tech giant filed a motion to “voluntarily” dismiss the case, citing a rapidly evolving risk landscape that could potentially jeopardize critical threat…
Clever Phishing Technique Exploits HTTP Headers to Trick Users In the vast ocean of cyber threats, phishing remains a dominant form of attack, with cybercriminals devising new and sophisticated techniques to trick unsuspecting users. Recently, cybersecurity researchers uncovered a crafty phishing campaign that leverages a lesser-known vulnerability in HTTP headers to deceive individuals into divulging…
Ivanti’s Cloud Service Appliance Vulnerability Exploited in the Wild Ivanti recently disclosed that their Cloud Service Appliance (CSA) has fallen prey to active exploitation due to a newly patched security flaw. This high-severity vulnerability, identified as CVE-2024-8190 with a CVSS score of 7.2, permits remote code execution under specific circumstances. The Vulnerability The vulnerability lies…
The GAZEploit Vulnerability: A Threat to Apple’s Vision Pro Headset Recently, a security loophole known as GAZEploit has surfaced, posing a risk to Apple’s Vision Pro mixed reality headset. This vulnerability, now under the CVE identifier CVE-2024-40865, once exploited, could provide cyber attackers with the means to extract data entered via the headset’s virtual keyboard….
Teen Arrested for Cyber Attack on Transport for London British authorities have made a significant breakthrough in a cyber attack case related to Transport for London (TfL). The arrest of a 17-year-old male from Walsall has been reported in connection with the incident. The U.K. National Crime Agency (NCA) released a statement mentioning that the…
Malicious Actors Exploit Progress Software WhatsUp Gold Security Flaws Recently, there has been a surge in opportunistic cyber attacks leveraging publicly available proof-of-concept (PoC) exploits targeting newly disclosed security vulnerabilities in Progress Software WhatsUp Gold. This activity, which began on August 30, 2024, just five hours after a PoC was made public for CVE-2024-6670 (scoring…
Clever Tricks of TrickMo: A New Android Banking Trojan In the ever-evolving world of cyber threats, the emergence of a new variant of the infamous Android banking trojan TrickMo has caught the attention of cybersecurity researchers. This updated version is equipped with a range of sophisticated capabilities aimed at bypassing security measures and duping users…
GitLab Releases Security Updates to Address Critical Vulnerability GitLab, a popular DevOps platform, recently rolled out security updates to tackle 17 vulnerabilities, one of which has been classified as critical. This critical flaw, identified as CVE-2024-6678, has been assigned a CVSS score of 9.9 out of a possible 10.0. The vulnerability allows an attacker to…
Bank Customers in Central Asia targeted by Emerging Android Malware Bank customers in the Central Asia region have fallen prey to a new strain of Android malware known as Ajina.Banker. This malicious software, discovered by the Singapore-based cybersecurity firm Group-IB in November 2024, aims to steal financial information and intercept two-factor authentication (2FA) messages, posing…