CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

/in

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild.
Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email

The Hacker News – ​Read More

‘DuneQuixote’ Shows Stealth Cyberattack Methods Are Evolving. Can Defenders Keep Up?

/in

A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. With cyberattackers getting more creative, defenders must start keeping pace.

darkreading – ​Read More

Inside Ukraine’s Killer-Drone Startup Industry

/in

Ukraine needs small drones to combat Russian forces—and is bootstrapping its own industry at home.

Security Latest – ​Read More

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

/in

A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests.
“This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent

The Hacker News – ​Read More

Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says

/in

UnitedHealth CEO Andrew Witty said in a U.S. Senate hearing that his company is still trying to understand why the server did not have the additional protection.

The post Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says appeared first on SecurityWeek.

SecurityWeek – ​Read More

Deepfake of Principal’s Voice Is the Latest Case of AI Being Used for Harm

/in

Everyone — not just politicians and celebrities — should be concerned about this increasingly powerful deep-fake technology, experts say.

The post Deepfake of Principal’s Voice Is the Latest Case of AI Being Used for Harm appeared first on SecurityWeek.

SecurityWeek – ​Read More

Private Internet Search Is Still Finding Its Way

/in

The quest to keep data private while still being able to search may soon be within reach, with different companies charting their own paths.

darkreading – ​Read More

UnitedHealth Congressional Testimony Reveals Rampant Security Fails

/in

The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change’s backup strategy failed.

darkreading – ​Read More

Intel 471 Acquires Cyborg Security

/in

Post Content

darkreading – ​Read More