VMware fixes three critical auth bypass bugs in remote access tool
VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that enable remote attackers…
Microsoft fixes critical RCE flaw affecting Azure Cosmos DB
Analysts at Orca Security have found a critical vulnerability affecting Azure Cosmos DB that allowed unauthenticated read and write access…
VMware vCenter Server bug disclosed last year still not patched
VMware informed customers today that vCenter Server 8.0 (the latest version) is still waiting for a patch to address a…
LofyGang hackers built a credential-stealing enterprise on Discord, NPM
A threat group using the name 'LofyGang', operating since 2020, is considered responsible for creating and distributing over 200 malicious…
Sharing Knowledge at 44CON
The infosec conference named after the UK's calling code returned this year with a focus on building a healthy community.
How Cloud-Based Services Minimize the Impact of Incident Recovery
Few organizations are able to continue operating after being hit by ransomware, let alone be able to quickly […] The…
Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish
Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability…
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs
Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access…
200,000 North Face accounts hacked in credential stuffing attack
Outdoor apparel brand 'The North Face' was targeted in a large-scale credential stuffing attack that has resulted in the hacking…
New EvilProxy service lets all hackers use advanced phishing tactics
A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on…