Cyber Security News

A proof-of-concept (PoC) exploit has been publicly released for a pair of critical zero-day vulnerabilities in Microsoft Windows that enable a novel “downgrade attack.” The flaws tracked as CVE-2024-38202 and CVE-2024-21302 were originally disclosed by SafeBreach researcher Alon Leviev at Black Hat USA 2024 and DEF CON 32 earlier this month. The vulnerabilities allow an […]

The post PoC Exploit Released for Windows 0-Day Downgrade Attack appeared first on Cyber Security News.

Mandiant recently disclosed a critical vulnerability in Microsoft Azure Kubernetes Services (AKS) that could have allowed attackers to escalate privileges and access sensitive credentials within affected clusters. The vulnerability impacted AKS clusters using “Azure CNI” for network configuration and “Azure” for network policy. An attacker with command execution in a Pod running within a vulnerable […]

The post Azure Kubernetes Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

A critical vulnerability tracked as CVE-2024-7646, has been uncovered in the widely used ingress-nginx Kubernetes controller. The flaw allows attackers to bypass annotation validation, poses a significant risk to Kubernetes clusters, and demands immediate attention from security teams and cluster administrators. Security researcher André Storfjord Kristiansen (@dev-bio on GitHub) discovered the vulnerability in the way […]

The post New Kubernetes Vulnerability Allows Attackers to Access Clusters Remotely appeared first on Cyber Security News.

The popular flight-tracking website FlightAware discovered a configuration error that exposed the sensitive personal information of its users. The data leak included user IDs, passwords, and email addresses, and depending on the information provided by users may have also exposed full names, billing and shipping addresses, IP addresses, social media accounts, telephone numbers, birth years, […]

The post FlightAware Data Leak Exposes Users’ Personal Information appeared first on Cyber Security News.

Cisco Talos has identified eight security vulnerabilities in Microsoft applications running on the macOS operating system, raising concerns about potential exploitation by adversaries. These vulnerabilities, if exploited, could allow attackers to hijack the permissions and entitlements of Microsoft applications, leading to unauthorized access to sensitive resources such as microphones, cameras, and user data. The vulnerabilities […]

The post Microsoft macOS Apps Vulnerability Allows Hackers to Record Audio/Video appeared first on Cyber Security News.

A recent analysis of a security vulnerability in Microsoft’s Secure Channel revealed a critical flaw that could be exploited for remote code execution. The vulnerability was initially identified as an integer overflow issue. However, further investigation determined it to be a Use-After-Free (UAF) vulnerability. This type of vulnerability occurs when a program continues to use […]

The post Windows Secure Channel RCE Vulnerability Let Attackers Inject Malicious Files Remotely appeared first on Cyber Security News.

Toyota’s U.S. branch has reportedly suffered a massive data breach, resulting in the unauthorized release of approximately 240 GB of sensitive information. The breach, allegedly perpetrated by the notorious hacker group ZeroSevenGroup, has exposed a wide array of data, posing serious security risks for the automotive giant and its stakeholders. Details of the Breach According […]

The post TOYOTA Data Breach – Hackers Group Leaked 240 GB of Data Online appeared first on Cyber Security News.

AI SPERA, a leading Cyber Threat Intelligence (CTI) company, has announced a strategic partnership with Hackers Central, a major cybersecurity management service provider in Mexico. The announcement marks a significant step in AI SPERA’s strategy to broaden its international footprint. Hackers Central, a prominent cybersecurity management firm in Mexico, offers comprehensive security services including vulnerability […]

The post AI SPERA and Hackers Central Partner to Expand Mexico’s Security Market with ‘Criminal IP ASM’ appeared first on Cyber Security News.

Recently cybersecurity researchers at Check Point discovered a new malware dubbed “Styx Stealer,” capable of stealing browser and instant messenger data. Threat actors often exploit stealers, enabling them to secretly gather sensitive information from the compromised systems. While the types of information they steal via stealers include personal credentials, financial data, and passwords.  The stolen […]

The post Beware! Styx Stealer Malware Stealing Browser & Instant Messenger Data appeared first on Cyber Security News.

Hackers have found a way to exploit email URL rewriting features, a tool initially designed to protect users from phishing threats. This new tactic has raised alarms among security experts, turning a protective measure into a vulnerability. URL rewriting is a security feature employed by email security vendors to protect users from malicious links embedded […]

The post Hackers Exploit Email URL Rewriting to Insert Phishing Links appeared first on Cyber Security News.

A complex large-scale campaign was detected by Unit 42 researchers that manipulated and extorted several organizations using cloud systems.  Security analysts discovered that this massive large-scale cyber attack on AWS targets over 230 million unique cloud environments. The attackers crafted a smart tactic of exploiting exposed environment variable (.env) files on cloud infrastructures. These .env […]

The post Massive Cyber Attack On AWS Targets 230 Million Unique Cloud Environments appeared first on Cyber Security News.

Copilot Autofix is a newly launched feature of the GitHub Advanced Security (GHAS) and this feature was designed to make it easier for users to discover and fix code vulnerabilities. AI tools are revolutionizing the cybersecurity landscape by enhancing several major factors like threat detection, automating processes, and providing valuable insights to combat sophisticated cyber […]

The post Copilot Autofix – A GitHub AI Tools Now Analyse Vulnerabilities And Fix It Automatically appeared first on Cyber Security News.

Researchers uncovered a vulnerability in the Linux kernel’s dmam_free_coherent() function, which stems from a race condition caused by the improper order of operations when freeing DMA (Direct Memory Access) allocations and managing associated resources. This vulnerability can lead to system instabilities and malfunctions, as DMA is crucial for allowing hardware devices to transfer data directly […]

The post Linux Kernal Vulnerability Let Attackers Bypass CPU & Write on Memory appeared first on Cyber Security News.

A new malware strain known as “QWERTY Info Stealer” has emerged. It targets Windows systems with advanced anti-debugging techniques and data exfiltration capabilities. This malware is hosted on the domain mailservicess[.]com, represents a significant threat to individuals and organizations. Our comprehensive analysis illuminates its technical aspects, including its anti-debugging strategies, data collection methods, and interaction […]

The post QWERTY Info Stealer Employed Anti-Debugging Techniques to Exfiltrate Data from Windows appeared first on Cyber Security News.

The “Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More” provides a comprehensive overview of the latest developments in the cybersecurity landscape. Each edition highlights significant data breaches, emerging vulnerabilities, and notable cyber attacks, offering insights into the evolving threats that organizations face. By staying informed through this newsletter, readers can […]

The post Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & Other Stories appeared first on Cyber Security News.

As the world becomes more reliant on technology, viruses and security weaknesses may eventually develop in our operating systems. However, developers are ready for this because they have Javascript code security tools that help them find and fix internal computer bugs by giving them more information, such as a snapshot of the application’s state. Recently, […]

The post 10 Best Code Security Tools in 2024 appeared first on Cyber Security News.

Product management Tools aims to orchestrate and supervise every facet of the product life cycle. This encompasses various responsibilities, from marketing to in-depth investigative analysis.  Product management entails the systematic development, market launch, and comprehensive administration of a product or service. The product manager is at the helm of product management leadership and is ultimately […]

The post 10 Best Product Management Tools – 2024 appeared first on Cyber Security News.

A penetration testing tool helps identify vulnerabilities within a system by simulating real-world attacks. This allows organizations to detect and address security weaknesses before malicious actors exploit them. These tools provide comprehensive assessments of network, application, and system security by performing in-depth scans and tests and delivering detailed reports on potential threats and their impact […]

The post Top 30 Best Penetration Testing Tools – 2024 appeared first on Cyber Security News.

Security researchers at Avast have uncovered evidence that the notorious North Korean hacker group Lazarus exploited a previously unknown zero-day vulnerability in the Windows AFD.sys driver to gain kernel-level access to targeted systems. The flaw tracked as CVE-2024-38193, was reported to Microsoft and patched as part of the company’s June 2024 Patch Tuesday updates. The notorious Lazarus […]

The post Windows 0-Day Flaw Exploited by Lazarus to Gain Unauthorized Access appeared first on Cyber Security News.

The imminent release of Cisco HyperShield this month marks a pivotal evolution in the cybersecurity landscape. As an “AI-native” security architecture, HyperShield promises to redefine traditional security protocols through its automated proactive cybersecurity measures and AI-driven security solutions. However, the effectiveness of this sophisticated technology heavily relies on the skilled deployment by IT and Information […]

The post Why Training is Critical to Implementing Cisco HyperShield appeared first on Cyber Security News.