Network Security - Security World Trend Now

The Rise of Cloud Key Harvesting: How the ‘Elektra-Leak’ Attackers Exploit GitHub for AWS Access

Patel Maya9 months ago09 mins

Attackers Exploit Exposed AWS IAM Credentials on GitHub for Cryptocurrency Mining Summary Researchers from Palo Alto Networks have discovered an ongoing campaign, named “Elektra-Leak,” where threat actors are actively harvesting exposed Amazon Web Services (AWS) Identity and Access Management (IAM) credentials on public GitHub repositories. These credentials are then used to create AWS Elastic Compute…

The Hidden Danger Within: Unveiling the Malicious NuGet Packages Distributing SeroXen RAT Malware

Patel Maya9 months ago09 mins

The IT Professional’s Blueprint for Compliance Introduction In today’s digital age, cybersecurity has become an integral part of businesses’ operation. The threat landscape is constantly evolving, and organizations must take proactive measures to safeguard sensitive data and protect against malicious activities. This is especially true for IT professionals who play an essential role in ensuring…

Google Dynamic Search Ads: Unleashing a Malware Deluge

Emma Thompson9 months ago011 mins

New Method of Malvertising Utilizes Vulnerable Websites to Deliver Malicious Ads The Discovery In a recent blog post, Jerome Segura, senior director of threat intelligence at Malwarebytes, uncovered a new method of using vulnerable websites to deliver targeted ads that carry malware. This technique takes advantage of Google‘s dynamic search ads feature, which pairs ads…

Apple’s Safari browser remains susceptible to Spectre attacks, study reveals

Nguyen Michael9 months ago07 mins

Apple’s Safari Browser Still Vulnerable to Spectre Attacks, Researchers Show Introduction In 2018, the Spectre attack revealed a fundamental vulnerability in the hardware architecture of modern processors, allowing attackers to exploit sensitive data. Manufacturers, including Apple, implemented countermeasures to protect against this type of attack. However, recent research conducted by a team from Ruhr University…

Pwn2Own Toronto 2023: Hackers Rake in $350k in Record Time

Emma Thompson9 months ago08 mins

IoT Security: Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023 On the second day of the Zero Day Initiative’s Pwn2Own Toronto 2023 competition, hackers successfully exploited a variety of IoT devices, earning approximately $350,000 in rewards. The devices that were hacked included smart speakers, printers, routers, NAS devices, and mobile phones. This highlights…

Elevating Mobile Security Standards: The Impact of Extended Support Periods

Nguyen Michael9 months ago011 mins

Consumers Demand Secure Devices and Longer Support A recent survey conducted by Omdia, a research and consulting firm, reveals that consumers worldwide are increasingly concerned about the security of their devices and the need for longer support. The survey, which included 1,578 participants from 13 major countries in the Americas, Asia & Oceania, and Europe,…

The Philadelphia Cyberattack Unveils Vulnerabilities in City Employee Health Data Security

Nguyen Michael9 months ago07 mins

City of Philadelphia Cyberattack Compromised Health Data of City Employees Background In a recent disclosure, Philadelphia city officials revealed that a cyberattack in May compromised the personal information, including health data, of city employees. The attack was discovered through suspicious activity reported in the city’s email systems. After conducting an investigation, it was determined that…

The Urgency of Patching: VMware vCenter Flaw Poses Critical Risks to End-of-Life Products

Emma Thompson9 months ago08 mins

Cloud Security: VMware vCenter Flaw Exposes Critical Remote Code Execution Vulnerability By October 27, 2023 The Vulnerability Virtualization technology provider VMware has issued an urgent warning regarding a critical remote code execution vulnerability affecting its vCenter Server and VMware Cloud Foundation products. The vulnerability, identified as CVE-2023-34048, allows a malicious hacker with network access to…

Defending Against the Silent Invasion: How Iranian Hackers Infiltrated a Government Network for 8 Months

Patel Maya9 months ago07 mins

Nation-State Iranian Hackers Lurked for 8 Months in Government Network The Attack Broadcom’s Symantec cybersecurity unit has reported that the Iran-linked hacking group known as Crambus spent a staggering eight months inside the network of a Middle Eastern government. Crambus, also known as APT34 or Cobalt Gypsy, is a part of a larger cluster of…

WinRAR Flaw Exploited by State-Backed Threat Actors: Insights from Google TAG

Emma Thompson9 months ago011 mins

The Implications of Software Vulnerabilities and the IT Professional’s Responsibility The Current Landscape of Cybersecurity Vulnerabilities Software vulnerabilities pose a significant threat in today’s interconnected world. As technology continually evolves, so too do the tactics employed by malicious actors seeking to exploit weaknesses in software systems. Recent examples such as the vulnerabilities discovered in Cybersecurity–WordPress…