Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous installer (“HotPage.exe”), according to new findings […]
Author Archives: Onsite Computing, Inc.
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. […]
Crypto scammers are using the recent assassination attempts against former US President Donald Trump to lure customers into a crypto doubling scheme, according to a Bitdefender study. The new scam has the actors hijack YouTube channels to show convincing deep fakes and encourage victims to participate in crypto giveaways by scanning the QR code embedded […]
Let’s face it: AppSec and developers often feel like they’re on opposing teams. You’re battling endless vulnerabilities while they just want to ship code. Sound familiar? It’s a common challenge, but there is a solution. Ever wish they proactively cared about security? The answer lies in a proven, but often overlooked, strategy: Security Champion Programs […]
Microsoft says the Windows 11 2023 Update has entered the broad deployment phase and is now available to all seekers on eligible systems. […]
As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry’s web traffic in […]
Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. “The vulnerabilities we found could have allowed attackers
Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future’s Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America,
Recent phishing campaigns were seen abusing email security services that rewrite URLs to hide their own malicious links. The irony is that this URL rewriting feature, which is common in secure email gateways and some cloud-based email services, is specifically intended as a reputation filter to prevent users from accessing known phishing sites. “From mid-May […]
Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country’s data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the tools while it is in talks with Brazil’s National […]