Skip to content

Polymath Central

Thoughts and musings of David Greenberg, a polymath

Cybersecurity

Intruder Launches Intel: A Free Vulnerability Intelligence Platform For Staying Ahead of the Latest Threats

November 26, 2024

When CVEs go viral, separating critical vulnerabilities from the noise is essential to protecting your organization. That’s why Intruder, a leader in attack surface management, built Intel – a free…

Cybersecurity

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

November 26, 2024

The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies. Trend Micro,…

Cybersecurity

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks

November 26, 2024

The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part…

Cybersecurity

CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks

November 26, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities…

Cybersecurity

PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot

November 25, 2024

The administrators of the Python Package Index (PyPI) repository have quarantined the package “aiocpa” following a new update that included malicious code to exfiltrate private keys via Telegram. The package…

Cybersecurity

Google’s New Restore Credentials Tool Simplifies App Login After Android Migration

November 25, 2024

Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android’s…

Cybersecurity

Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

November 25, 2024

Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp’s Terraform and Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to…

Cybersecurity

Flying Under the Radar – Security Evasion Techniques

November 25, 2024

Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures. The Evolution of Phishing Attacks “I really…

Cybersecurity

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 – Nov 24)

November 25, 2024

We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what’s really going on behind those words? This week’s cybersecurity news isn’t just about hackers and headlines—it’s…

Cybersecurity

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

November 25, 2024

Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected…

Posts pagination

1 … 131 132 133 … 140

Polymath Central

Thoughts and musings of David Greenberg, a polymath

Proudly powered by WordPress | Theme: Newsup by Themeansar.