The engineer deployed malware, deleted code repositories, and emailed himself proprietary bank code in retaliation for being fired, impersonating a coworker in the process.
Microsoft has released its final set of Patch Tuesday updates for 2023, addressing 33 flaws in its software. This release is considered one of the lightest in recent years, with four critical vulnerabilities and 29 important ones.
The Russian APT28 threat actor, also known as ITG05, is using authentic documents related to the Israel-Hamas war as lures to deliver a custom backdoor called HeadLace against targeted entities in 13 countries, primarily in Europe.
Around 1,450 instances of pfSense, an open-source firewall and router software, are vulnerable to command injection and cross-site scripting flaws. These flaws, if exploited together, could allow attackers to execute remote code on the system.
The threat actor uses techniques such as sending URLs to fake resume websites or attachments containing instructions to visit the website, leading to the download of malicious files.
The exploit, which is an XSS vulnerability, allows players to display GIFs using HTML code blocks in-game. This poses a potential security threat to players, as the exploit can access player IP addresses and potentially execute code on their PCs.
Clearview AI has reached a settlement in a class-action privacy lawsuit, which alleged that the company violated Illinois’ Biometric Information Privacy Act (BIPA) by using online images without consent for its facial recognition technology.
Researchers have discovered nearly a thousand fake profiles created with the intention of reaching out to companies in the Middle East. These profiles, often difficult to distinguish from real ones, have been successful in their campaigns.
According to Synopsys, the use of automated security technology is on the rise, as organizations increasingly embrace the “shift everywhere” philosophy to improve the effectiveness and reduce the cost of security activities.
The White House plans to collaborate with the Department of Health and Human Services to establish minimum cybersecurity standards to protect the healthcare sector from ransomware and other cyber threats.