Category: Shorts

Critical RCE Flaw Patched in Fortinet FortiGate Firewalls Fortinet patches a flaw in its FortiGate firewalls that allows attackers to gain remote code execution. The company has chosen to keep the details of the flaw a secret until it is fully patched and then plans to release an advisory explaining how the flaw works. It…

1,000+ Fake Cryptocurrency Sites Could Trap Users in Bogus Rewards Scheme A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021. The scam works via an advanced fee fraud that involves tricking victims into believing that they’ve won…

Critical FortiOS and FortiProxy vulnerability being exploited – patch now! Fortinet on Monday disclosed a newly patched critical flaw affecting FortiOS and FortiProxy. The vulnerability, tracked as CVE-2023-27997, concerns a heap-based buffer overflow vulnerability in FortiOS that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. LeXFO security researchers…

Two Russian nationals charged with stealing millions of dollars from Mt. Gox, a now The U.S. Department of Justice has announced that it has charged two Russian nationals, Bilyuchenko and Verner, with masterminding the 2014 digital heist of the now defunct cryptocurrency exchange Mt. Gox. After stealing some cryptocurrency from Mt.Gox, they allegedly went on…

API Security: Understanding Your True Attack Surface The attack surface for APIs is expanding faster than you realize. This means that an automated API security platform will likely be the most effective solution at your disposal. Join our webinar with Noname Security Field CTO Filip Verloy, where he will help you uncover your true API…

Dozens of Global Organizations Hit in Adversary-in-the-Middle Attack Dozens of organizations have been targeted by a sophisticated phishing campaign that uses attractive AitM techniques to carry out the attacks. Once the attacker has gained persistence, he exfiltrates data from the compromised account and uses his access to spread the phishing attacks against other victim’s employees…

Study Shows That Over Half of Security Leaders Lack Confidence in Protecting App Secrets A Comprehensive Secrets Management Program More and more secrets get leaked every year. To address this growing risk, companies need to strengthen their secrets management as a priority to harden their defenses. It might come as a surprise, but secrets management…

Beware: New Cryptocurrency Wallet Stealer Targets DoubleFinger Loader A new type of malicious code called DoubleFinger has been observed delivering a cryptocurrency stealer dubbed GreetingGhoul in what’s an advanced attack targeting users in Europe, the U.S., and Latin America. The image employs steganographic trickery to conceal an encrypted payload that triggers a four-stage compromise chain…

Microsoft releases updates to improve the security of its products. The following security updates have been released for the June 2023 edition of Windows. Of the 73 flaws Microsoft has patched, six are rated Critical, 63 are rated Important, two are Moderated, and one is Low in severity. Also patched by Redmond are three critical…

A text detection method using divergent N-gram analysis, ChatGPT’s fingerprint The authors speculate about the implications of this new detection method for detecting AI-generated text. They see it as becoming more important as machine-learning techniques advance rapidly. Specifically, they focus on the detection of text in terms of true positive rate and false positive rate…