-
Friday Squid Blogging: “Mediterranean Beef Squid” Hoax
PRIVACY PRIVACY The viral video of the “Mediterranean beef squid”is a hoax. It’s not even a deep fake; it’s a plastic toy. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Read More
-
Azure API Management flaws highlight server-side request forgery risks in API development
PRIVACY PRIVACY Microsoft recently patched three vulnerabilities in its Azure API Management service, two of which enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal Azure assets. The proof-of-concept exploits serve to highlight common errors that developers could make when trying to implement blacklist-based restrictions for their own APIs and…
-
Orca integrates cloud app security platform with GPT-4
PRIVACY PRIVACY Agentless cloud security provider Orca Security has integrated Microsoft Azure OpenAI GPT-4 into its cloud-native application protection platform (CNAPP) under the ChatGPT implementation program that the cybersecurity company started earlier this year. “With our transition to Azure OpenAI, our customers benefit from the security, reliability, and enterprise level support that Microsoft provides,” said…
-
Dallas Police Department Compromised in Ransomware Attack
PRIVACY PRIVACY The attack took down essential services, including some 911 dispatch systems Read More
-
WordPress plugin vulnerability puts two million websites at risk
PRIVACY PRIVACY Millions of WordPress-powered websites are using the Advanced Custom Fields and Advanced Custom Fields Pro plugins, which security researchers say have been vulnerable to cross-site scripting (XSS) attacks. Read More
-
North Korean APT Kimsuky Launches Global Spear-Phishing Campaign
PRIVACY PRIVACY ReconShark is sent via emails containing OneDrive links leading to documents with malicious macros Read More
-
“Kekw” Malware in Python Packages Could Steal Data and Hijack Crypto
PRIVACY PRIVACY Cyble said the Python security team has now removed the malicious package from PyPI Read More
-
Indicator Sharing Program: Real-Time Indicator Feeds
PRIVACY PRIVACY Through its real-time indicator feeds, the CTI team at the MS-ISAC helps members shift to predicting the next threat before it happens. Read More
-
Microsoft patches 3 vulnerabilities in Azure API Management
PRIVACY PRIVACY Microsoft has patched three new vulnerabilities in the Azure API Management service which includes two Server-Side Request Forgery (SSRF) vulnerabilities and a file upload path traversal on an internal Azure workload, according to cybersecurity firm Ermetic. The vulnerabilities were achieved through url formatting bypasses and an unrestricted file upload functionality in the API…
-
How To Be Safe On WhatsApp
PRIVACY PRIVACY I’m betting you have WhatsApp on your phone. Or, if you don’t – I’m quite sure a member of your family would. As the most popular messaging app in the world with 2 billion active monthly users, it’s clearly a favourite for many of us who want to keep in contact with both…