Threat Prevention & Detection in SaaS Environments – 101 https://firewall.firm.in/wp-content/uploads/2024/07/adaptive.png Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them. According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, ...
Read More »Vulnerabilities & Exploits
AT&T Confirms Data Breach Affecting Nearly All Wireless Customers
AT&T Confirms Data Breach Affecting Nearly All Wireless Customers https://firewall.firm.in/wp-content/uploads/2024/07/att.png American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to “nearly all” of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network. “Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between ...
Read More »Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool
Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool https://firewall.firm.in/wp-content/uploads/2024/07/palo.png Jul 11, 2024NewsroomVulnerability / Enterprise Security Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication ...
Read More »New Ransomware Group Exploiting Veeam Backup Software Vulnerability
New Ransomware Group Exploiting Veeam Backup Software Vulnerability https://firewall.firm.in/wp-content/uploads/2024/07/gib.png Jul 10, 2024NewsroomData Breach / Malware A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to ...
Read More »Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories
Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories https://firewall.firm.in/wp-content/uploads/2024/07/jquery.png Jul 09, 2024NewsroomSupply Chain Attack / Web Security Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a “complex and persistent” supply chain attack. “This attack stands out due to the high variability ...
Read More »OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers https://firewall.firm.in/wp-content/uploads/2024/07/ddos-attack.png Jul 05, 2024NewsroomNetwork Security / DDoS Attack French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps ...
Read More »Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks
Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks https://firewall.firm.in/wp-content/uploads/2024/07/silver.png Jul 05, 2024The Hacker NewsCybersecurity / Identity Protection Identity theft isn’t just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don’t be caught off ...
Read More »The Emerging Role of AI in Open-Source Intelligence
The Emerging Role of AI in Open-Source Intelligence https://firewall.firm.in/wp-content/uploads/2024/07/sasns.png Jul 03, 2024The Hacker NewsOSINT / Artificial Intelligence Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort”. Public and private sector organizations are realizing the value that the discipline can provide but ...
Read More »GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others
GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others https://firewall.firm.in/wp-content/uploads/2024/07/gitlab.jpg Jun 28, 2024NewsroomSoftware Security / DevOps GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), ...
Read More »Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data https://firewall.firm.in/wp-content/uploads/2024/06/north.png Jun 28, 2024NewsroomCyber Espionage / Cyber Attack The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that’s designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early ...
Read More »