Aggregator

Blockchain gaming platform WEMIX suffered a cyberattack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time. [...]

Microsoft has issued an urgent security advisory regarding a newly discovered malware strain called StilachiRAT, which specifically targets and exfiltrates data from Remote Desktop Protocol (RDP) sessions. The sophisticated malware has been observed in targeted attacks against financial institutions, government agencies, and critical infrastructure organizations across multiple regions. Security experts warn that this new threat […]

The post Microsoft Warns of New StilachiRAT Stealing Remote Desktop Protocol Sessions Data appeared first on Cyber Security News.

Google today revealed it has acquired Wiz, a provider of a cloud-native application protection platform (CNAPP) for $32 billion cash after initially being rebuffed last year.

The post Google Agrees to Acquire Wiz in $30B Deal appeared first on Security Boulevard.

Security researchers from Bitdefender have uncovered a large-scale ad fraud campaign involving 331 malicious apps on the Google Play Store. These apps, which have accumulated over 60 million downloads, exploit vulnerabilities in Android 13 to bypass security restrictions and carry out phishing attacks, ad fraud, and credential theft. The campaign demonstrates an alarming level of […]

The post 331 Malicious Apps with 60 Million Downloads on Google Play Bypass Android 13 Security appeared first on Cyber Security News.

Whistic announced the next generation of its Assessment Copilot, a third-party risk management (TPRM) solution that integrates AI into the vendor assessment process for a fully automated workflow. With this release, Whistic builds upon the initial release of Assessment Copilot and the Whistic AI suite of capabilities launched in May 2024. Whistic delivers a modern, AI-first approach that improves the efficiency and pace of TPRM assessments, reduces costs, achieves more in-depth insights, and enhances risk … More →

The post Whistic announces next generation of Assessment Copilot appeared first on Help Net Security.

An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden

在农业时代前，人类大约每周工作 15 小时。经历农业时代以及工业时代之后，我们今天每周工作大约 40 小时。科技的进步对工作时长的缩短影响甚微，我们期望的工作时长和实际的工作时长存在明显的差距。根据德国的一项调查，逾三分之二的全职工人报告劳累过度——实际工作时间超过期望工作时间。杜克大学的研究人员称，德国最优工作周长度为 37 小时。分析称，缩短工作周受益最大的群体是已婚、女性、白领、中年和高收入工人。

A vulnerability, which was classified as problematic, was found in WP-FeedStats wp-eMember Plugin up to 10.6.6 on WordPress. This affects an unknown part of the component Attribute Handler. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-5744. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in WP-FeedStats wp-affiliate-platform Plugin up to 6.5.0 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-5280. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WP-FeedStats wp-affiliate-platform Plugin up to 6.5.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-5284. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SULly Plugin up to 4.3.0 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-5034. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WP-FeedStats wp-eMember Plugin up to 10.6.5 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-5076. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SULly Plugin up to 4.3.0 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-5033. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in IBM Datacap Navigator 9.1.5/9.1.6/9.1.7/9.1.8/9.1.9. This affects an unknown part of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-39735. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in IBM Datacap Navigator 9.1.5/9.1.6/9.1.7/9.1.8/9.1.9. This vulnerability affects unknown code of the component Web UI. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-39728. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in pypa setuptools up to 69.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component package_index. The manipulation leads to code injection. This vulnerability is known as CVE-2024-6345. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The contemporary SOC is transforming as it starts to realize the benefits of GenAI and utilize the manifestations of autonomous agentic AI, according to Tines. Additionally, the promise of security automation is coming to fruition. In theory and practice, security automation should truncate the time SOCs spend investigating and mitigating alerts. However, the tried and true saying about technology still applies: Cybersecurity still relies on the combination of people, processes, and technology. For some time, … More →

The post How AI and automation are reshaping security leadership appeared first on Help Net Security.

For candidates with a cybersecurity background who want to stay competitive, now is the time to invest in obtaining AI skills.

Leaked chat logs have exposed connections between the BlackBasta ransomware group and Russian authorities, according to new analysis by Trellix

Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today. It added the acquisition, which is