Tag: technews

Judge dismisses Republican lawsuit against Google over Gmail’s spam prevention The suit complained Google intentionally sent RNC political emails to Gmail users’ spam folders, and the RNC sought restitution for “donations it allegedly lost as a result” of those lost emails. The RNC cited a North Carolina State University study that found Gmail was more…

Hundreds of new variants of the LockBit 3.0 ransomware have been created following the The leak of the ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Some of the other threat actors known to leverage it include Bl00dy and Buhti. Cisco has since acknowledged that the threat…

Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack, Ex Kroll, a risk and financial advisory company, has learned that one of its employees was victim to a SIM swapping attack. The incident, which took place on August 19, 2023, targeted the employee’s T-Mobile account, the company said. Specifically, t-Mobile, without any authority…

Google Keep for Android is getting some much-needed upgrades Finally, some good news for Android-toting Google Keep users: text formatting has finally been added to the app. It’s fast, available on Android, iOS, and the web, and it manages to be both extremely simple and quite clever. The new formatting options make Keep even more…

How to Investigate an OAuth Grant for Suspicious Activity or Unauthorized Scopes The platform provides an inventory of every app-to-app OAuth grant ever created in your org, along with OAuth risk insights like grant type, age, number of scopes, who granted access, and an overall OAuth Risk Score. With this visibility, users can easily conduct…

New WinRAR Vulnerability Could Allow Hackers to Steal Your PC A flaw has been disclosed in the WinRAR utility that allows attackers to gain remote code execution. The vulnerability, marked as CVE-2023-40477, was discovered by a security researcher who goes by the alias goodbyeselene. He describes the flaw in terms of its severity and impact.…

Adobe ColdFusion Flaw Added to CISA’s List of Exploited The U.S. government’s CISA agency has added a flaw in Adobe’s ColdFusion program to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The agency describes the flaw as CVE-2023-26359 and notes that it allows an attacker to execute arbitrary code without requiring…

Ivanti Warns of Critical Zero-Day Flaw in Sentry Software Being Ivanti warns customers of a new zero-day flaw in its Sentry software. If successfully exploited, the bug allows an attacker to change configuration, run system commands, or write files onto the system. The company has published a proof-of-concept for the flaw and released a patch…

Urgent FBI Warning: Barracuda Email Gateways Vulnerable to Attacks Despite Recent The U.S. Federal Bureau of Investigation warns that Barracuda Networks customers whose devices have been patched with the latest firmware update may be at risk of being compromised by Chinese hacking groups. Update: Baracuda issues a statement reiterating its advice to customers: Out of…

Taiwanese Flax Sector Cyber Espionage Targets by China-Linked Typhoon The nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign. The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal…