Webinar – Mastering API Security: Understanding Your True Attack Surface

Webinar – Mastering API Security: Understanding Your True Attack Surface,

Believe it or not, your attack surface is expanding faster than you realize. How? APIs, of course! More formally known as application programming interfaces, API calls are growing twice as fast as HTML traffic, making APIs an ideal candidate for new security solutions aimed at protecting customer data, according to Cloudflare.
According to the « Quantifying the Cost of API Insecurity » report, US

,

Believe it or not, your attack surface is expanding faster than you realize. How? APIs, of course! More formally known as application programming interfaces, API calls are growing twice as fast as HTML traffic, making APIs an ideal candidate for new security solutions aimed at protecting customer data, according to Cloudflare.
According to the « Quantifying the Cost of API Insecurity » report, US

, ,
https://thehackernews.com/2023/06/webinar-mastering-api-security.html

Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack

Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack,

The U.S. Department of Justice (DoJ) has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox.
According to unsealed indictments released last week, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, have been accused of conspiring to launder approximately 647,000 bitcoins stolen from September 2011 through at

,

The U.S. Department of Justice (DoJ) has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox.
According to unsealed indictments released last week, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, have been accused of conspiring to launder approximately 647,000 bitcoins stolen from September 2011 through at

, ,
https://thehackernews.com/2023/06/two-russian-nationals-charged-for.html

Critical FortiOS and FortiProxy Vulnerability Likely Exploited – Patch Now!

Critical FortiOS and FortiProxy Vulnerability Likely Exploited – Patch Now!,

Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been « exploited in a limited number of cases » in attacks targeting government, manufacturing, and critical infrastructure sectors.
The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could

,

Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been « exploited in a limited number of cases » in attacks targeting government, manufacturing, and critical infrastructure sectors.
The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could

, ,
https://thehackernews.com/2023/06/critical-fortios-and-fortiproxy.html

Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer

Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer,

Security researchers have warned about an « easily exploitable » flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions.
« A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system, » Varonis researcher Dolev Taler said. « Malicious

,

Security researchers have warned about an « easily exploitable » flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions.
« A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system, » Varonis researcher Dolev Taler said. « Malicious

, ,
https://thehackernews.com/2023/06/researchers-uncover-publisher-spoofing.html

Why Now? The Rise of Attack Surface Management

Why Now? The Rise of Attack Surface Management,

The term « attack surface management » (ASM) went from unknown to ubiquitous in the cybersecurity space over the past few years. Gartner and Forrester have both highlighted the importance of ASM recently, multiple solution providers have emerged in the space, and investment and acquisition activity have seen an uptick.
Many concepts come and go in cybersecurity, but attack surface management

,

The term « attack surface management » (ASM) went from unknown to ubiquitous in the cybersecurity space over the past few years. Gartner and Forrester have both highlighted the importance of ASM recently, multiple solution providers have emerged in the space, and investment and acquisition activity have seen an uptick.
Many concepts come and go in cybersecurity, but attack surface management

, ,
https://thehackernews.com/2023/06/why-now-rise-of-attack-surface.html

Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable,

A fully undetectable (FUD) malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection.
The samples grant « threat actors the ability to load numerous malware families and exploits with ease through highly obfuscated batch files, » Trend Micro researchers said.
About 79.6% of the total 784 artifacts

,

A fully undetectable (FUD) malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection.
The samples grant « threat actors the ability to load numerous malware families and exploits with ease through highly obfuscated batch files, » Trend Micro researchers said.
About 79.6% of the total 784 artifacts

, ,
https://thehackernews.com/2023/06/cybercriminals-using-powerful-batcloak.html

Password Reset Hack Exposed in Honda’s E-Commerce Platform, Dealers Data at Risk

Password Reset Hack Exposed in Honda’s E-Commerce Platform, Dealers Data at Risk

,

Security vulnerabilities discovered in Honda’s e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information.
« Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account, » security researcher Eaton Zveare said in a report published last week.
The platform is designed for the sale of power

,

Security vulnerabilities discovered in Honda’s e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information.
« Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account, » security researcher Eaton Zveare said in a report published last week.
The platform is designed for the sale of power

, ,
https://thehackernews.com/2023/06/password-reset-hack-exposed-in-hondas-e.html

Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme

Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme,

A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021.
« This massive campaign has likely resulted in thousands of people being scammed worldwide, » Trend Micro researchers said in a report published last week, linking it to a Russian-speaking threat actor named « Impulse

,

A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021.
« This massive campaign has likely resulted in thousands of people being scammed worldwide, » Trend Micro researchers said in a report published last week, linking it to a Russian-speaking threat actor named « Impulse

, ,
https://thehackernews.com/2023/06/beware-1000-fake-cryptocurrency-sites.html

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls – Patch Now!

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls – Patch Now!,

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution.
The vulnerability, tracked as CVE-2023-27997, is « reachable pre-authentication, on every SSL VPN appliance, » Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend.
Details

,

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution.
The vulnerability, tracked as CVE-2023-27997, is « reachable pre-authentication, on every SSL VPN appliance, » Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend.
Details

, ,
https://thehackernews.com/2023/06/critical-rce-flaw-discovered-in.html

Apple’s Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs

Apple’s Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs

,

Apple is introducing major updates to Safari Private Browsing, offering users better protections against third-party trackers as they browse the web.
« Advanced tracking and fingerprinting protections go even further to help prevent websites from using the latest techniques to track or identify a user’s device, » the iPhone maker said.
« Private Browsing now locks when not in use, allowing a user

,

Apple is introducing major updates to Safari Private Browsing, offering users better protections against third-party trackers as they browse the web.
« Advanced tracking and fingerprinting protections go even further to help prevent websites from using the latest techniques to track or identify a user’s device, » the iPhone maker said.
« Private Browsing now locks when not in use, allowing a user

, ,
https://thehackernews.com/2023/06/apples-safari-private-browsing-now.html