BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities

The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat. The phishing campaign is characterized by the use of legitimate internet services (LIS) for command-and-control (C2) obfuscation, Recorded Future said in

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs […]

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an “extremely severe” flaw that could result in pre-authenticated remote code execution on affected installations. Tracked as CVE-2023-38646, the issue impacts open-source editions prior to 0.46.6.1 and Metabase Enterprise

Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild

The Cybersecurity and Infrastructure Security Agency (CISA) added one new vulnerability to its Known Exploited Vulnerabilities Catalog affecting Ivanti Endpoint Manager Mobile, based on evidence of active exploitation. All Federal Civilian Executive Branch (FCEB) agencies must remediate this vulnerability by August 15, 2023 to protect their networks against active threats. We urge everyone else to take this […]

Cl0p Ransomware Strikes Deloitte, Company Refutes Breach

By Waqas In a message on its dark web breach blog, Cl0p Ransomware claims that The company (Deloitte) doesn’t care about its customers; it ignored their security. This is a post from HackRead.com Read the original post: Cl0p Ransomware Strikes Deloitte, Company Refutes Breach

Black Hat 2023: Understanding Mobile Exploitation Beyond the App – post by LinkCyb

Unveiling the World of Mobile Exploitation: ARM Architecture and Beyond Dinesh Shetty, Director, Security Engineering, Security Innovation Mobile applications are the obvious target for cyber attacks, but a secure application won’t faze a committed cyber adversary. They can exploit any mobile interface—an app, calls to the OS, and background operations. From there, they can easily […]

What your peers want to know before buying a DLP tool

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Preventing data loss is a concern for almost every organization, regardless of size, especially organizations with sensitive data.  Organizations, now more than ever […]