Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover
A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth. “nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD
Chinese Hacker Group ‘Flea’ Targets American Ministries with Graphican Backdoor
Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom’s Symantec, involved a new backdoor codenamed Graphican. Some of the other targets included a government finance department and a corporation that markets […]
Toward a more resilient SOC: the power of machine learning
A way to manage too much data To protect the business, security teams need to be able to detect and respond to threats fast. The problem is the average organization generates massive amounts of data every day. Information floods into the Security Operations Center (SOC) from network tools, security tools, cloud services, threat intelligence feeds, […]
Alert! Hackers Exploiting Critical Vulnerability in VMware’s Aria Operations Networks
VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution. It impacts VMware
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work of a threat actor who goes by the online alias zxcr9999 […]
Why businesses need a disinformation defense plan, with Lisa Kaplan: Lock and Code S04E13
When you think about the word “cyberthreat,” what first comes to mind? Is it ransomware? Is it spyware? Maybe it’s any collection of the infamous viruses, worms, Trojans, and botnets that have crippled countless companies throughout modern history. In the future, though, what many businesses might first think of is something new: Disinformation. Back in 2021, in speaking about […]
Update now! ASUS fixes nine security flaws
ASUS has released firmware updates for several router models fixing two critical and several other security issues. The new firmware with accumulated security updates is available for the models GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. You will find […]
Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products
Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric. The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL, which now comprises a total of 61 issues spanning 13 different vendors. “OT:ICEFALL demonstrates the need for tighter scrutiny of, and improvements to, processes related to
100,000 Hacked ChatGPT Accounts Discovered on Dark Web
By Waqas Most of the hacked ChatGPT accounts originated from India, Pakistan, and Brazil. This is a post from HackRead.com Read the original post: 100,000 Hacked ChatGPT Accounts Discovered on Dark Web
Next-Generation Firewalls: A comprehensive guide for network security modernization
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The terms computer security, information security and cybersecurity were practically non-existent in the 1980s, but believe it or not, firewalls have existed in […]