There is more to this week's cybersecurity news than just headlines and hackers. It's about how we may not even be aware of how digital risks affect our lives. Hackers are positioning themselves to take over the networks that we use for everything, including making calls and operating businesses.
Discover the dangers, the fixes, and the tiny actions we can all take to stay ahead in a world that is changing more quickly than before by delving into this week's recap. To care, you don't have to be an expert in cybersecurity; you just need to be interested in the wider picture. Central Asian entities have been the target of a Russian threat activity cluster known as TAG-110.
NFCGate is being used by cybercriminals to use point-of-sale (PoS) terminals to withdraw money from victims' bank accounts. By exploiting an API endpoint in the Bing Maps Dev Center Portal, a recently discovered XSS vulnerability in Microsoft Bing could have been exploited to run arbitrary code within the context of the website. The top 25 riskiest software flaws identified by CWE for 2024 are as follows: On the list of the top 25 dangerous software flaws, the vulnerability class is at the top.
Sensitive information from governmental and private organizations is being exposed to third parties by websites created with Microsoft Power Pages that lack or have improperly configured access controls. It has been discovered that certain websites allow "global access" to read data from database tables, even for anonymous users. An alleged Russian Phobos ransomware administrator was extradited to the United States to answer to charges pertaining to Phobos's operation, distribution, and sale.
The ransomware group is thought to have harmed over 1,000 public and private organizations worldwide. Large language models (LLMs) used in robotics can be jailbroken to make them disregard security measures and cause dangerous physical harm in the real world. A robust and adaptable Python tool called BlindBrute was created to make blind SQL injection attacks easier to understand.
An open-source program called Halberd makes it simple and proactive to test cloud security across AWS, Azure, M365, and Entra ID. Join our free webinar to learn how to cut downtime to almost zero, automate the entire process, stay ahead with crypto agility, and lock in best practices. DNS sinkholing is a low-cost, high-impact way to turn your DNS into your first line of defense.
The activity of infected devices is recorded when they attempt to access sinkholed domains. This implies that you can identify the problem, isolate the compromised devices, and address it before it gets out of hand. In order to increase awareness and reduce risky behavior, you can even configure it to notify users when threats are blocked.
When you combine DNS sinkhols with automated tools like SIEM systems, you'll receive real-time network security insights, comprehensive threat reports, and immediate alerts.