Lapsus$ hackers took SIM-swapping attacks to the next level
The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to…
Microsoft Exchange updates pulled after breaking non-English installs
Microsoft has pulled Microsoft Exchange Server's August security updates from Windows Update after finding they break Exchange on non-English installs. [...]
MoustachedBouncer hackers use AiTM attacks to spy on diplomats
A cyberespionage group named 'MoustachedBouncer' has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies in Belarus.…
Dell Compellent hardcoded key exposes VMware vCenter admin creds
An unfixed hardcoded encryption key flaw in Dell's Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter…
Microsoft Fixes 74 CVEs in August Update
Attackers are already exploiting one of Microsoft's latest fixes in the wild.
Microsoft August 2023 Patch Tuesday warns of 2 zero-days, 87 flaws
Today is Microsoft's August 2023 Patch Tuesday, with security updates for 87 flaws, including two actively exploited and twenty-three remote…
Hands on with Windows 11’s new modern File Explorer
With the introduction of Windows 11 23H2, Microsoft has modernized File Explorer on Windows 11, bringing a fresher look and…
New Microsoft Azure AD CTS feature can be abused for lateral movement
Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface…
Russian APT ‘BlueCharlie’ Swaps Infrastructure to Evade Detection
Despite being outed earlier this year, the advanced persistent threat group is trying to sneak past researchers again.
Ivanti discloses new critical auth bypass bug in MobileIron Core
IT software company Ivanti disclosed today a new critical security vulnerability in its MobileIron Core mobile device management software. [...]