Microsoft’s Smart App Control and SmartScreen Found Vulnerable to Exploitation Recently, cybersecurity researchers have identified critical vulnerabilities within Microsoft’s Windows Smart App Control (SAC) and SmartScreen features, which may grant threat actors an opportunity for initial access to targeted systems without triggering security alerts. This discovery raises concerns about the…
Malicious Python Package Discovered Concealing Golang Command-and-Control Framework Cybersecurity researchers have unveiled a nefarious Python package masquerading as an extension of the widely-used requests library. This malicious package, named requests-darwin-lite, has been found to hide a Golang variant of the Sliver command-and-control (C2) framework within an image file of the…
Star Health Faces Major Cybersecurity Challenge Following Data Breach In a significant cybersecurity incident, Star Health, a leading health insurance provider in India valued at approximately $4 billion, has fallen victim to a severe data breach that has resulted in a ransom demand of ₹57 lakh (approximately $68,000). The breach…
As the browser becomes the dominant workspace in enterprises, it is increasingly exploited by cybercriminals as a key attack vector. Various threats ranging from account takeovers and phishing attacks to malicious browser extensions highlight the browser’s role in compromising sensitive data and breaching organizational systems. Security professionals tasked with developing…
Fidelity Investments has reported a significant data breach affecting the personal information of over 77,000 customers. The breach involved unauthorized access to sensitive data, including Social Security numbers and driver’s licenses, although no Fidelity accounts were compromised. The incident is concerning, given that Fidelity is one of the world’s largest…
The cybersecurity landscape is facing significant concern as a recently disclosed zero-day vulnerability in the Apache OFBiz open-source enterprise resource planning (ERP) system poses severe risks to its users. This vulnerability, categorized as CVE-2024-38856, has been assigned a critical CVSS score of 9.8 out of a possible 10. It predominantly…
Three U.S. Banks Alert Customers to Data Breaches of Sensitive Information Recent advisories from three major U.S. banks have revealed that sensitive personally identifiable information (PII) of customers has been compromised. Citizens Bank, Truist Bank, and First National Bank have all reported incidents that underscore the ongoing threat posed by…
Google has recently mitigated a significant security vulnerability within the Android kernel, a flaw that is reportedly being actively exploited. The vulnerability, designated as CVE-2024-36971, has serious implications, allowing for remote code execution within the kernel. In its August 2024 Android security bulletin, Google indicated that this vulnerability might be…
Microsoft Addresses 61 Security Vulnerabilities in May Patch Update In its latest Patch Tuesday update for May 2024, Microsoft has resolved 61 newly identified security vulnerabilities across its software products, amongst them two zero-day flaws that have been actively exploited in the wild. These updates follow a proactive security strategy…
