Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

/in

Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim’s web browser and steal sensitive information from their account under specific circumstances.
“When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim’s

The Hacker News – ​Read More

Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks

/in

Researcher showcases hack against Microsoft Windows Update architecture, turning fixed vulnerabilities into zero-days.

The post Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks appeared first on SecurityWeek.

SecurityWeek – ​Read More

Implement MFA or Risk Non-Compliance With GDPR

/in

The UK Information Commissioner’s Office announced its intention to fine Advanced Computer Software Group £6.09 million.

The post Implement MFA or Risk Non-Compliance With GDPR appeared first on SecurityWeek.

SecurityWeek – ​Read More

Federal Watchdog Urges EPA to Develop Comprehensive Cyber Strategy to Protect Water Systems

/in

The U.S. Government Accountability Office is urging the Environmental Protection Agency (EPA) to develop a comprehensive strategy to protect the nation’s drinking and wastewater systems from cyber threats.

Cyware News – Latest Cyber News – ​Read More

New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers

/in

Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive.
“Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics from the Graz University of Technology said [PDF]. ”

The Hacker News – ​Read More

NHS Software Supplier Advanced Faces $7.6 Million Fine Over Ransomware Attack Failings

/in

NHS software supplier Advanced faces a hefty fine of over £6 million (~$7.6 Million) for failing to protect personal information during a ransomware attack that impacted the National Health Service in the UK.

Cyware News – Latest Cyber News – ​Read More

Phishing Attacks Can Bypass Microsoft 365 Email Safety Warnings

/in

A vulnerability in Microsoft 365’s anti-phishing measures allows malicious actors to deceive users into opening harmful emails by…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Black Hat Roundup 2024: What to Expect From This Week’s Security Events

/in

Discover the latest cybersecurity trends and techniques in this year’s Black Hat and DEF CON roundup.

Security | TechRepublic – ​Read More

The API Security Crisis: Why Your Company Could Be Next

/in

You’re only as strong as your weakest security link.

darkreading – ​Read More

Scamnetic Emerges From Stealth With AI-Based Scam Detection Solution

/in

Scamnetic emerges from stealth mode with an AI-based scam detection solution and over $1 million in pre-seed funding.

The post Scamnetic Emerges From Stealth With AI-Based Scam Detection Solution appeared first on SecurityWeek.

SecurityWeek – ​Read More