GitHub, Microsoft Passkey Vulnerabilities Exposed 

Adversary-in-the-middle (AitM) attacks are exposing vulnerabilities in passkey authentication by stripping passkey options from login pages. That forces users to rely on less secure authentication methods, making their accounts susceptible to compromise. Joe Stewart from eSentire’s Threat Response Unit highlights that the problem lies not in the passkeys themselves but …

Read More

Ransomware Attack Paralyzes Patelco Services

Patelco Credit Union, one of the oldest and largest credit unions in the U.S., suffered a significant ransomware attack on June 29, 2024. The cyber assault forced the shutdown of Patelco’s online banking platform, mobile app, and call center operations, affecting nearly 500,000 members in the Bay Area and Northern …

Read More

Businesses Struggle with getting Cyber Insurance

US businesses are facing significant challenges in obtaining cybersecurity insurance due to rising premiums and restrictive policies. Experts highlighted the complexity and variability of insurance terms, particularly for smaller operators. Cyber insurance policies are difficult for companies to interpret and understand their coverage. The increasing threat of state-sponsored cyberattacks on …

Read More

TeamViewer Corporate Breach

TeamViewer recently revealed a breach in its corporate environment, attributing the attack to the Russian state-sponsored hacking group Midnight Blizzard. On June 26, 2024, TeamViewer’s security team detected unusual activity in their internal IT systems. Immediate measures were taken, including the activation of a response team and collaboration with global …

Read More

Cyberattacks targeting critical infrastructure sectors

In the first quarter of 2024, BlackBerry detected and thwarted 3.1 million cyberattacks, highlighting a significant rise in malicious activity. The report revealed that 60% of these attacks targeted critical infrastructure sectors, with the financial industry being hit the hardest. The surge in novel malware, with 54% of attacks involving …

Read More

Malicious Google ads 

A new cyber threat targeting Mac users has been uncovered, involving a stealer named “Poseidon” distributed through malicious Google ads for the popular Arc browser. The malware campaign, observed on June 24, 2024, marks the second instance of Arc being used as a lure. Previously, it had been exploited to …

Read More

Identity Verification Exposed: AU10TIX Breach

AU10TIX, a leading identity verification firm, recently suffered a significant security lapse, leaving administrative login credentials exposed online for over a year. This exposure potentially compromised sensitive user data, including images of Americans’ driver’s licenses, affecting major platforms like TikTok, Uber, and X (formerly Twitter). The breach was uncovered by …

Read More

Hardcoded Secrets: A Growing Threat

For years, developers have been cautioned against hard-coding secrets into their code. Yet, new research reveals that even a single instance can permanently expose these secrets, and conventional scanning tools often miss them. Our findings show that nearly 18% of secrets remain undetected, leaving critical credentials for cloud environments, internal …

Read More

Apple Patches AirPods Eavesdropping Flaw

Apple has released a crucial firmware update addressing a vulnerability in AirPods that could allow unauthorized access and potential eavesdropping. The flaw, tracked as CVE-2024-27867, affects multiple models including AirPods (2nd generation and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro. When seeking a connection request to …

Read More

GrimResource Exploit Evades MMC Security

Elastic Security Labs researchers have identified a new cyberattack method called GrimResource, which targets the Microsoft Management Console (MMC) using specially crafted management saved console (MSC) files. This technique, uncovered from a sample uploaded to VirusTotal on June 6, has yet to be detected by static antivirus tools. GrimResource leverages …

Read More