Beware of Typosquatting: A Common Tactic Used by Threat Actors It’s no secret that threat actors often resort to cunning tactics to deceive unwary users and carry out malicious activities. One such technique that has been around for quite some time is typosquatting. This deceptive practice involves registering domains or packages with names that are…
The Rising Trend of Virtual Chief Information Security Officer (vCISO) Services Cynomi’s 2024 State of the vCISO Report sheds light on the increasing demand for virtual Chief Information Security Officer (vCISO) services. This independent survey showcases the benefits that both service providers and clients are experiencing. The popularity of vCISO services is on the rise,…
Gigamon, vodilno podjetje na področju varnosti hibridnega oblaka, se osredotoča na ključne izzive, s katerimi se soočajo direktorji za informacijsko varnost (CISO) v današnjem kompleksnem kibernetskem okolju. Pojav hibridnih oblačnih okolij je prinesel pomembne varnostne skrbi, zlasti glede vidnosti šifriranega prometa in lateralnega gibanja znotraj omrežij. V tem blogu bomo raziskali, kako Gigamonove rešitve za…
Critical Security Flaw Uncovered in LiteSpeed Cache Plugin for WordPress In the ever-evolving landscape of cybersecurity threats, researchers have unearthed a critical vulnerability in the LiteSpeed Cache plugin designed for WordPress websites. This loophole, identified as CVE-2024-44000 with a CVSS score of 7.5, poses a significant risk as it permits unauthorized users to gain control…
The Apache OFBiz Security Flaw: Unauthenticated Remote Code Execution A recent security concern has been identified in the Apache OFBiz open-source enterprise resource planning (ERP) system. This vulnerability, known as CVE-2024-45195 with a CVSS score of 7.5, is classified as high-severity. If exploited successfully, it could result in unauthenticated remote code execution on both Linux…
The Misguided Charges Against Telegram CEO Pavel Durov Telegram CEO Pavel Durov has finally spoken out after almost two weeks of silence following his arrest in France. In a statement on his Telegram account, Durov expressed his disbelief at the charges laid against him, calling them misguided and out of touch with the modern digital…
APT-C-60 izkorišča ranljivost v WPS Office za napad na Vzhodno Azijo APT-C-60, zloglasna skupina za kibernetsko vohunjenje, povezana z Južno Korejo, je bila ugotovljena ob izkoriščanju kritične ranljivosti (CVE-2024-7262) v priljubljeni programski opremi za pisarniško delo, WPS Office za Windows, z namenom izvajanja kod in pridobivanja podatkov v državah Vzhodne Azije. Raziskave so pokazale, da…
Veeam Releases Critical Security Updates to Address 18 Vulnerabilities Veeam, a popular software provider, has recently rolled out security updates to patch a total of 18 security flaws across its software products. Among these vulnerabilities, five are categorized as critical, potentially leading to remote code execution. Critical Vulnerabilities Overview One of the critical vulnerabilities includes…
The Persistent Cyber Campaign by Tropic Trooper In a recent development, unnamed government entities in the Middle East and Malaysia have become the targets of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. New Strategic Move by Tropic Trooper This cyber campaign has brought to light the…
The U.S. Department of Justice Seizes Pro-Russian Propaganda Domains In a bold move to counter foreign influence operations, the U.S. Department of Justice (DoJ) made an announcement on Wednesday about seizing 32 internet domains used by a pro-Russian propaganda organization known as Doppelganger. This operation is part of a broader effort to combat disinformation and…