Yahoo’s vulnerability research team has recently identified nearly a dozen flaws in OpenText’s NetIQ iManager product, including some that could have been chained for unauthenticated remote code execution.  The research team discovered 11 vulnerabilities that could have been exploited individually for cross-site request forgery (CSRF), server-side request forgery (SSRF), remote code execution (RCE), arbitrary file upload, authentication bypass, file disclosure, and privilege escalation.

According to security researchers at SonicWall, global threat actors have been ramping up attacks on government targets, with a triple-digit annual increase in malware-driven attempts to compromise victims in the first three months of the year.  Alongside the 236% year-on-year (YoY) increase in Q1 2024, the researchers recorded a 27% annual increase in government attacks in the month leading up to the US election.  The researchers claimed that recorded DDoS attacks are on track to surpass last year’s figure by 32%.

By grigby1

By grigby1 

Researchers have revealed a new browser attack called "CrossBarking" that exploits "private" Application Programming Interfaces (APIs) in Opera to gain control over victims' browsers. CrossBarking involves running malicious code in the context of websites that have access to private APIs. This can be done through a Cross-Site Scripting (XSS) vulnerability or malicious browser extension. This article continues to discuss the CrossBarking browser attack.

Microsoft warns of a large-scale spear-phishing campaign attributed to the Russian state-sponsored threat actor "Midnight Blizzard." According to Microsoft, the campaign has targeted thousands of users in over 100 organizations across government, defense, academia, and other sectors, mainly in the US and Europe. This article continues to discuss the new spear-phishing campaign by Russia's Midnight Blizzard.

The North Korean state-sponsored hacking group "Andariel" has been attributed to a "Play" ransomware operation. According to Palo Alto Networks' Unit 42, Andariel may be a Play affiliate or an Initial Access Broker (IAB) facilitating the malware launch on a network they breached months earlier. Andariel is a state-sponsored Advanced Persistent Threat (APT) group linked to North Korea's Reconnaissance General Bureau, a military intelligence agency. This article continues to discuss the connection between Andariel and Play ransomware.

The threat actor "Chenlun" has been linked to a sophisticated phishing campaign impersonating trusted brands such as Amazon through text messages. Researchers at DomainTools attributed this activity to Chenlun, who exploited USPS delivery alerts last year to steal sensitive information. A new wave of phishing messages warns users about suspicious account activity and encourages them to verify accounts via malicious links. This article continues to discuss the evolution of Chenlun's tactics and the importance of collaborating to combat phishing attacks.