Cyber Security

Cross-Tenant AWS Vulnerability Exposed Account Resources

A cross-tenant vulnerability in Amazon Web Services (AWS) could have allowed attackers to abuse AWS AppSync to gain access to resources in an organization’s account. An attacker could exploit the AWS AppSync service to assume identity and access management (IAM) roles in other AWS accounts, gaining access to resources within those accounts, cloud security company […]

Proofpoint: Watch Out for Nighthawk Hacking Tool Abuse

Security researchers at Proofpoint are calling attention to the discovery of a commercial red-teaming tool called Nighthawk, warning that the command-and-control framework is likely to be abused by threat actors. According to a new report from Proofpoint, Nighthawk is an advanced C2 framework sold by MDSec, a European outfit that sells adversary simulation and penetration […]

EU Parliament Website Attacked After MEPs Slam Russian Terrorism

The European Parliament website was hit by a cyberattack claimed by pro-Russian hackers Wednesday shortly after lawmakers approved a resolution calling Moscow a “state sponsor of terrorism”. “The European Parliament is under a sophisticated cyberattack. A pro-Kremlin group has claimed responsibility,” the parliament’s president, Roberta Metsola, posted on Twitter. “Our IT experts are pushing back […]

US Bans Huawei, ZTE Telecoms Gear Over Security Risk

US authorities announced a ban Friday on the import or sale of communications equipment deemed “an unacceptable risk to national security” — including gear from Chinese giants Huawei Technologies and ZTE. Both firms have been on a roster of companies listed as a threat by the Federal Communications Commission (FCC), and the new rules bar […]

Log4Shell-like code execution hole in popular Backstage dev tool

Researchers at cloud coding security company Oxeye have written up a critical bug that they recently discovered in the popular cloud development toolkit Backstage. Their report includes an explanation of how the bug works, plus proof-of-concept (PoC) code showing how to exploit it. Backstage is what’s known as a cloud developer portal – a sort […]

Firefox fixes fullscreen fakery flaw – get the update now!

Firefox’s latest once-every-four-weeks security update is out, bringing the popular alternative browser to version 107.0, or Extended Support Release (ESR) 102.5 if you prefer not to get new feature releases every month. (As we’ve explained before, the ESR version number tells you which feature set you have, plus the number of times it’s had security […]

How social media scammers buy time to steal your 2FA codes

Phishing scams that try to trick you into putting your real password into a fake site have been around for decades. As regular Naked Security readers will know, precautions such as using a password manager and turning on two-factor authentication (2FA) can help to protect you against phishing mishaps, because: Password managers associate usernames and […]

How to hack an unpatched Exchange server with rogue PowerShell code

Just under two months ago, some worrying bug news broke: a pair of zero-day vulnerabilities were announced in Microsoft Exchange. As we advised at the time, these vulnerabilities, officially designated CVE-2022-41040 and CVE-2022-41082: [were] two zero-days that [could] be chained together, with the first bug used remotely to open enough of a hole to trigger […]

Google Patches Chrome’s Fifth Zero-Day of the Year

Infosec Insider Post Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

iPhone Users Urged to Update to Patch 2 Zero-Days
