GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs https://firewall.firm.in/wp-content/uploads/2025/01/git.png Jan 27, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user’s Git credentials. “Git implements a protocol called Git Credential Protocol to retrieve ...

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations https://firewall.firm.in/wp-content/uploads/2025/01/telecom.png Jan 24, 2025Ravie LakshmananTelecom Security / Vulnerability A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The ...

US treasury breach – Chinese hackers breach Janet Yellen’s computer, accessed about 50 files – ET CISO https://etimg.etb2bimg.com/thumb/msid-117320088,imgsize-87808,width-1200,height=765,overlay-etciso/data-breaches/us-treasury-breach-chinese-hackers-breach-janet-yellens-computer-accessed-about-50-files.jpg Hackers backed by the Chinese government accessed US Treasury Secretary Janet Yellen’s computer and files, Bloomberg News has reported . The breach, discovered in December, also impacted the computers of Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith. The hackers ...

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation https://firewall.firm.in/wp-content/uploads/2025/01/root.png Jan 17, 2025Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have disclosed three security flaws in Planet Technology’s WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. “These switches are widely used in building and home automation systems for a variety of networking ...

Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action https://firewall.firm.in/wp-content/uploads/2025/01/digi.png Jan 16, 2025The Hacker NewsCertificate Management / Compliance The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying ...

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024 https://firewall.firm.in/wp-content/uploads/2025/01/push.png You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost ...

Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool https://firewall.firm.in/wp-content/uploads/2025/01/rsync.png Jan 15, 2025Ravie LakshmananVulnerability / Software Update As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. “Attackers can take control of a malicious server and read/write arbitrary ...

Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99 https://firewall.firm.in/wp-content/uploads/2025/01/web3.png Jan 15, 2025Ravie LakshmananCryptocurrency / Malware The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. “The campaign begins with fake recruiters, posing on platforms like ...

Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes https://firewall.firm.in/wp-content/uploads/2025/01/google-ads.png Jan 15, 2025Ravie LakshmananMalvertising / Malware Cybersecurity researchers have alerted to a new malvertising campaign that’s targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. “The scheme consists of stealing as many advertiser accounts as possible ...

North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains https://firewall.firm.in/wp-content/uploads/2025/01/korea.png Jan 15, 2025Ravie LakshmananBlockchain / Cryptocurrency Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threamoret groups may have pulled off illicit money-making scams that predate ...