Critical Vulnerability Discovered in SailPoint IdentityIQ

/in

A critical directory traversal vulnerability in the SailPoint IdentityIQ IAM platform exposes restricted files to attackers.

The post Critical Vulnerability Discovered in SailPoint IdentityIQ appeared first on SecurityWeek.

SecurityWeek – ​Read More

Russia’s ‘BlueAlpha’ APT Hides in Cloudflare Tunnels

/in

Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks.

darkreading – ​Read More

Library of Congress Offers AI Legal Guidance to Researchers

/in

Researchers testing generative AI systems can use prompt injection, re-register after being banned, and bypass rate limits without running afoul of copyright law.

darkreading – ​Read More

Chinese Hackers Breach US Firm, Maintain Network Access for Months

/in

SUMMARY A large U.S. company with operations in China fell victim to a large-scale cyberattack earlier this year,…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

US org with ‘significant presence in China’ targeted by hackers, Symantec says

/in

The cybersecurity firm did not name the company but said the attack was “likely carried out by a China-based threat actor, since some of the tools used in this attack have been previously associated with Chinese attackers.”

The Record from Recorded Future News – ​Read More

Bypass Bug Revives Critical N-Day in Mitel MiCollab

/in

A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there’s a workaround.

darkreading – ​Read More

Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges

/in

At least 17 affiliate groups have used the “DroidBot” Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn.

darkreading – ​Read More

UK Cyber Risks Are ‘Widely Underestimated,’ Warns Country’s Security Chief

/in

Richard Horne, the head of the U.K.’s National Cyber Security Centre, says that hostile activity has “increased in frequency, sophistication and intensity.”

Security | TechRepublic – ​Read More

Hoboken government recovering from ransomware attack as Conti-linked gang takes credit

/in

In an update on Wednesday afternoon, the New Jersey city of more than 60,000 said it was making progress in its recovery and asked for “continued patience” while it restores all of its systems.

The Record from Recorded Future News – ​Read More

Russian state hackers abuse Cloudflare services to spy on Ukrainian targets

/in

The group known as Gamaredon has been observed using Cloudflare Tunnels — a tool that helps hide the real location of servers or infrastructure — to infect their targets with custom GammaDrop malware and stay undetected.

The Record from Recorded Future News – ​Read More