Cyber Security News

A recent analysis of a security vulnerability in Microsoft’s Secure Channel revealed a critical flaw that could be exploited for remote code execution. The vulnerability was initially identified as an integer overflow issue. However, further investigation determined it to be a Use-After-Free (UAF) vulnerability. This type of vulnerability occurs when a program continues to use […]

The post Windows Secure Channel RCE Vulnerability Let Attackers Inject Malicious Files Remotely appeared first on Cyber Security News.

Toyota’s U.S. branch has reportedly suffered a massive data breach, resulting in the unauthorized release of approximately 240 GB of sensitive information. The breach, allegedly perpetrated by the notorious hacker group ZeroSevenGroup, has exposed a wide array of data, posing serious security risks for the automotive giant and its stakeholders. Details of the Breach According […]

The post TOYOTA Data Breach – Hackers Group Leaked 240 GB of Data Online appeared first on Cyber Security News.

AI SPERA, a leading Cyber Threat Intelligence (CTI) company, has announced a strategic partnership with Hackers Central, a major cybersecurity management service provider in Mexico. The announcement marks a significant step in AI SPERA’s strategy to broaden its international footprint. Hackers Central, a prominent cybersecurity management firm in Mexico, offers comprehensive security services including vulnerability […]

The post AI SPERA and Hackers Central Partner to Expand Mexico’s Security Market with ‘Criminal IP ASM’ appeared first on Cyber Security News.

Recently cybersecurity researchers at Check Point discovered a new malware dubbed “Styx Stealer,” capable of stealing browser and instant messenger data. Threat actors often exploit stealers, enabling them to secretly gather sensitive information from the compromised systems. While the types of information they steal via stealers include personal credentials, financial data, and passwords.  The stolen […]

The post Beware! Styx Stealer Malware Stealing Browser & Instant Messenger Data appeared first on Cyber Security News.

Hackers have found a way to exploit email URL rewriting features, a tool initially designed to protect users from phishing threats. This new tactic has raised alarms among security experts, turning a protective measure into a vulnerability. URL rewriting is a security feature employed by email security vendors to protect users from malicious links embedded […]

The post Hackers Exploit Email URL Rewriting to Insert Phishing Links appeared first on Cyber Security News.

A complex large-scale campaign was detected by Unit 42 researchers that manipulated and extorted several organizations using cloud systems.  Security analysts discovered that this massive large-scale cyber attack on AWS targets over 230 million unique cloud environments. The attackers crafted a smart tactic of exploiting exposed environment variable (.env) files on cloud infrastructures. These .env […]

The post Massive Cyber Attack On AWS Targets 230 Million Unique Cloud Environments appeared first on Cyber Security News.

Copilot Autofix is a newly launched feature of the GitHub Advanced Security (GHAS) and this feature was designed to make it easier for users to discover and fix code vulnerabilities. AI tools are revolutionizing the cybersecurity landscape by enhancing several major factors like threat detection, automating processes, and providing valuable insights to combat sophisticated cyber […]

The post Copilot Autofix – A GitHub AI Tools Now Analyse Vulnerabilities And Fix It Automatically appeared first on Cyber Security News.

Researchers uncovered a vulnerability in the Linux kernel’s dmam_free_coherent() function, which stems from a race condition caused by the improper order of operations when freeing DMA (Direct Memory Access) allocations and managing associated resources. This vulnerability can lead to system instabilities and malfunctions, as DMA is crucial for allowing hardware devices to transfer data directly […]

The post Linux Kernal Vulnerability Let Attackers Bypass CPU & Write on Memory appeared first on Cyber Security News.

A new malware strain known as “QWERTY Info Stealer” has emerged. It targets Windows systems with advanced anti-debugging techniques and data exfiltration capabilities. This malware is hosted on the domain mailservicess[.]com, represents a significant threat to individuals and organizations. Our comprehensive analysis illuminates its technical aspects, including its anti-debugging strategies, data collection methods, and interaction […]

The post QWERTY Info Stealer Employed Anti-Debugging Techniques to Exfiltrate Data from Windows appeared first on Cyber Security News.

The “Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More” provides a comprehensive overview of the latest developments in the cybersecurity landscape. Each edition highlights significant data breaches, emerging vulnerabilities, and notable cyber attacks, offering insights into the evolving threats that organizations face. By staying informed through this newsletter, readers can […]

The post Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & Other Stories appeared first on Cyber Security News.

As the world becomes more reliant on technology, viruses and security weaknesses may eventually develop in our operating systems. However, developers are ready for this because they have Javascript code security tools that help them find and fix internal computer bugs by giving them more information, such as a snapshot of the application’s state. Recently, […]

The post 10 Best Code Security Tools in 2024 appeared first on Cyber Security News.

Product management Tools aims to orchestrate and supervise every facet of the product life cycle. This encompasses various responsibilities, from marketing to in-depth investigative analysis.  Product management entails the systematic development, market launch, and comprehensive administration of a product or service. The product manager is at the helm of product management leadership and is ultimately […]

The post 10 Best Product Management Tools – 2024 appeared first on Cyber Security News.

A penetration testing tool helps identify vulnerabilities within a system by simulating real-world attacks. This allows organizations to detect and address security weaknesses before malicious actors exploit them. These tools provide comprehensive assessments of network, application, and system security by performing in-depth scans and tests and delivering detailed reports on potential threats and their impact […]

The post Top 30 Best Penetration Testing Tools – 2024 appeared first on Cyber Security News.

Security researchers at Avast have uncovered evidence that the notorious North Korean hacker group Lazarus exploited a previously unknown zero-day vulnerability in the Windows AFD.sys driver to gain kernel-level access to targeted systems. The flaw tracked as CVE-2024-38193, was reported to Microsoft and patched as part of the company’s June 2024 Patch Tuesday updates. The notorious Lazarus […]

The post Windows 0-Day Flaw Exploited by Lazarus to Gain Unauthorized Access appeared first on Cyber Security News.

The imminent release of Cisco HyperShield this month marks a pivotal evolution in the cybersecurity landscape. As an “AI-native” security architecture, HyperShield promises to redefine traditional security protocols through its automated proactive cybersecurity measures and AI-driven security solutions. However, the effectiveness of this sophisticated technology heavily relies on the skilled deployment by IT and Information […]

The post Why Training is Critical to Implementing Cisco HyperShield appeared first on Cyber Security News.

An Android package, “Showcase.apk,” preinstalled on a significant portion of Pixel devices since 2017, possesses extensive system permissions enabling remote code execution and package installation.  It fetches a configuration file via unsecured HTTP from a single US-based AWS domain, rendering it susceptible to tampering, while the combination of excessive privileges and insecure configuration exposes millions […]

The post Critical Android Vulnerability Impacting Millions of Pixel Devices Worldwide appeared first on Cyber Security News.

Microsoft has announced a significant security enhancement for its Azure platform: starting in 2024, all Azure sign-in attempts will require multifactor authentication (MFA). This move underscores Microsoft’s commitment to providing its customers the highest level of security. The MFA requirement will apply to several key applications, including the Azure Portal, Microsoft Entra Admin Center, and […]

The post Microsoft Announced Multifactor Authentication is Mandatory for Azure Sign-Ins appeared first on Cyber Security News.

The U.S. Department of Justice (DOJ) is contemplating a historic move to break up Alphabet Inc.’s Google following a significant antitrust ruling. This development marks one of the most aggressive antitrust actions since the attempted breakup of Microsoft two decades ago. The decision comes after a federal judge determined that Google had unlawfully maintained a […]

The post US DOJ Considers Breaking-up Google Following Antitrust Case appeared first on Cyber Security News.

A recently discovered vulnerability in Kubernetes has raised significant concerns within the cybersecurity community. Akamai researcher Tomer Peled identified a design flaw in Kubernetes’ sidecar project, git-sync, which could allow attackers to execute command injection attacks. This vulnerability affects default Kubernetes installations across various platforms, including Amazon EKS, Azure AKS, and Google GKE. It will […]

The post Kubernetes Vulnerability Exposes Clusters to Command Injection Attacks appeared first on Cyber Security News.

A critical security flaw has been discovered in the Zimbra Collaboration Suite (ZCS), potentially allowing hackers to execute malicious JavaScript code. This cross-site scripting (XSS) flaw, identified as CVE-2024-33533, has been found in the Zimbra webmail admin interface. The vulnerability arises from inadequate input validation, which permits attackers to inject harmful scripts into the application. […]

The post Zimbra XSS Flaw Allows Hackers to Execute Malicious JavaScript Code appeared first on Cyber Security News.