Cybersecurity - The Stack (Page 15)

Microsoft admits “insecure pattern” in Azure AD exposed customers to risk of data loss, account takeover

"The risk is mainly with multi-tenant applications where this misconfiguration could result [in] account and privilege escalation" -- here's what you need to do.

The Stack June 22, 2023

vmware

News

VMware zero day used to hack defence, tech companies

The threat group has also used a wide range of attacker scripts to get vpxuser credentials, enumerate ESXi hosts and their guest VMs, and manipulate connected ESXi host firewall rules in order to steal data.

Edward Targett June 13, 2023

Barracuda tells customers to dump infected email security appliances after breach

0days

News

Barracuda tells customers to dump infected email security appliances after breach

Customers were first hit in October 2022. End user telemetry flagged something remiss this month... IOCs and Yara rules now shared.

The Stack June 01, 2023

Chinese state-backed hackers Typhoon Volt targeted US critical infrastructure

Microsoft

China

News

Chinese state-backed “Volt Typhoon” hackers breached US critical infrastructure

The group is intent on developing capabilities and access that “could disrupt critical communications infrastructure between the United States and Asia region during future crises.” Threat vector Fortinet has questions to answer ...

Edward Targett May 24, 2023

PyPI malicious project uploads force shutdown

open source

News

235.7 billion downloads; 2 staff on call. PyPI briefly shuts up shop amid burnout, malice

An uptick in malicious new projects being created on the Python Package Index (PyPI) repository forced it to shut down new user registrations over the weekend in a worrying sign for the open source project. PyPI is a repository of open-source Python packages supplied by the worldwide community of Python...

Edward Targett May 23, 2023

micron

China says chip firm Micron’s products “a major security risk”

Beijing claimed Sunday that it had found security issues in semiconductor firm Micron products that “pose a major security risk" to China

The Stack May 22, 2023

Why security pros are seething over Google’s new .zip domains

Why security pros are seething over Google’s new .zip domains

Google this week launched a new Top Level Domain of .zip and it has cybersecurity professionals worried. Here’s why. The way that modern browsers treat URLs – considering everything after @ as the host name, rather than the “user information” before it – means that it is easy to create a convincing...

The Stack May 17, 2023

Chinese APT taps trojanised routers for mystery purposes

Chinese APT taps trojanised routers for mystery purposes

Horse Shell has a "penchant for complex structures" (and simple errors)

The Stack May 16, 2023