Multiple serious security vulnerabilities have been uncovered in Judge0, an open-source online code execution platform, posing significant risks for its users. These flaws potentially allow malicious actors to escape the established sandbox environment and execute code with root privileges on the host system, according to a report by the Australian…
Increasingly sophisticated phishing-as-a-service (PhaaS) toolkits, particularly one known as EvilProxy, are being employed by threat actors to execute account takeover attacks targeting senior executives within major corporations. This trend underscores a growing vulnerability among high-ranking officials in the corporate landscape, particularly as the proliferation of remote work and digital transactions…
Artificial Intelligence & Machine Learning, Governance & Risk Management, Government Also: Potential Changes in Government Policy; AI-Driven Zero-Day Discoveries Anna Delaney (annamadeline) • November 8, 2024 Clockwise, from top left: Anna Delaney, Tony Morbin, Marianne Kolbasuk McGee, and Mathew Schwartz In the latest weekly update, the ISMG editorial team explored…
A 34-year-old Russian-Canadian national has received nearly four years in prison in Canada due to his involvement in the LockBit global ransomware scheme. Mikhail Vasiliev, an Ontario resident, was initially arrested in November 2022 and subsequently charged by the U.S. Department of Justice (DoJ) for conspiring to intentionally damage protected…
Eagle Bank, a Maryland-based financial institution, has issued a warning to its customers regarding a possible security breach implicating Mastercard account data. The bank reported that it received a notification from Mastercard indicating that unauthorized access to sensitive account information may have occurred due to vulnerabilities at an unnamed merchant…
Understanding Operational Technology and Its Cybersecurity Challenges Operational Technology (OT) encompasses the hardware and software that manage, monitor, and control physical devices, processes, and events within an enterprise. Unlike traditional Information Technology (IT) systems, OT operates directly within the physical realm, making it essential to address cybersecurity in a manner…
Emergence of XWorm Malware Utilizing Rust-Based Injector Recent analyses reveal the rise of XWorm, a commodity malware deployed by malicious actors employing a legitimate Rust-based tool known as Freeze[.]rs. This significant development in cybercrime was flagged by Fortinet FortiGuard Labs on July 13, 2023, marking a novel attack strategy using…
Cybersecurity Breach: Analyzing the Latest Incident and Its Implications In a recent cybersecurity incident that underscores the growing prevalence of digital threats, a significant breach has affected [insert company/organization name], a target known for its [briefly describe the business focus or sector]. This incident has raised alarms within the cybersecurity…
Cash App Faces Class Action Lawsuit Following Data Breaches Affecting Users Over the past few years, Cash App has been embroiled in significant data breaches that have raised serious concerns about the security of user information. In one instance, a former employee reportedly downloaded sensitive user transaction reports. In another…