In a significant update released for January 2024, Microsoft has patched a total of 48 security vulnerabilities across its software ecosystem. This month’s Patch Tuesday includes two flaws classified as Critical and 46 as Important. Notably, there are no indications that any of these vulnerabilities are being actively exploited or…
New Timing Vulnerability Discovered in TLS: Raccoon Attack A recent study has revealed a significant timing vulnerability affecting the Transport Layer Security (TLS) protocol, potentially allowing attackers to compromise encryption and access sensitive communications under specific scenarios. Researchers have labeled this exploit the “Raccoon Attack,” targeting server-side operations in TLS…
Snapchat Source Code Leaked on GitHub: Cybersecurity Implications Unfold Recently, the source code for Snapchat, a widely-used social media application, was unlawfully released online. This breach occurred when a hacker leaked the code on GitHub, a Microsoft-owned code repository. The GitHub account, registered under the name Khaled Alshehri with the…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially included a critical vulnerability affecting Microsoft SharePoint Server in its Known Exploited Vulnerabilities (KEV) catalog, highlighting evidence of active exploitation within various environments. This vulnerability, identified as CVE-2023-29357, has garnered a significant CVSS score of 9.8, indicating its severity and…
Microsoft has disclosed its ongoing efforts to phase out the RC4 cryptographic algorithm, a challenge that has persisted for over a decade. According to Steve Syfuhs, who leads the Windows Authentication team at Microsoft, eliminating an algorithm that has been a part of operating systems for the last 25 years…
In a significant move today, the United States government filed charges against five individuals linked to a state-sponsored Chinese hacking group known as APT41, as well as two Malaysian hackers. This group is believed to have compromised over one hundred businesses globally, showcasing a sophisticated range of cyber-espionage and financially…
GitHub has confirmed the rotation of specific cryptographic keys following the identification of a significant security vulnerability. This issue poses the risk of unauthorized access to sensitive credentials within production containers. The subsidiary of Microsoft announced that it first learned of the problem on December 26, 2023, and took immediate…
Recent cybersecurity investigations have revealed an ongoing cyberespionage initiative targeting Indian defense agencies and military personnel, dating back to at least 2019. This operation, identified as “Operation SideCopy” by Quick Heal, an Indian cybersecurity firm, is believed to be orchestrated by an advanced persistent threat (APT) group adept in concealing…
Recent investigations indicate that despite concerted efforts to disrupt the TrickBot malware operations, its creators are adapting and evolving their tactics. A report from cybersecurity firm Netscout reveals that the authors of TrickBot have ported elements of their malicious code to Linux, broadening their potential target base. Initially identified in…
