Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution – OfficialSarkar

Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution – OfficialSarkar

Sep 16, 2024Ravie LakshmananCloud Security / Vulnerability A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. “The vulnerability could have allowed…

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals – OfficialSarkar

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals – OfficialSarkar

Sep 16, 2024The Hacker NewsPayment Security / Data Protection The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage…

Designing an Identity-Focused Incident Response Playbook – OfficialSarkar

Designing an Identity-Focused Incident Response Playbook – OfficialSarkar

Sep 16, 2024The Hacker NewsIdentity Protection / Incident Response Imagine this… You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised identity. The attacker is inside your walls, masquerading as a trusted user. This isn’t a horror movie, it’s the…

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure – OfficialSarkar

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure – OfficialSarkar

Sep 16, 2024Ravie LakshmananSpyware / Threat Intelligence Apple has filed a motion to “voluntarily” dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical “threat intelligence” information. The development was first reported by The Washington Post on Friday. The iPhone maker said its efforts,…

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks – OfficialSarkar

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks – OfficialSarkar

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users’ credentials. “Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML…

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability – OfficialSarkar

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability – OfficialSarkar

Sep 14, 2024Ravie LakshmananEnterprise Security / Threat Intelligence Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances. “An OS command injection vulnerability in…

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw – OfficialSarkar

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw – OfficialSarkar

Sep 13, 2024Ravie LakshmananSoftware Security / Threat Intelligence Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS…

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers – OfficialSarkar

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers – OfficialSarkar

Sep 13, 2024Ravie LakshmananVirtual Reality / Vulnerability Details have emerged about a now-patched security flaw impacting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device’s virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. “A novel attack that can…

Must-Haves to Eliminate Credential Theft – OfficialSarkar

Must-Haves to Eliminate Credential Theft – OfficialSarkar

Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials (Verizon DBIR, 2024). Solving this problem resolves over 80% of your corporate risk, and a solution is possible. However, most tools available on the market today cannot offer a complete defense against this attack vector because they…

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London – OfficialSarkar

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London – OfficialSarkar

Sep 13, 2024Ravie LakshmananCyber Attack / Crime British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL). “The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September,” the…