Important: BreachAware does not operate under any other brand name and will never provide unauthorised access to compromised credentials. We ask our users to beware of illegitimate websites imitating BreachAware.

Infosec News Feed

An aggregated list of cybersecurity publications
2022-05-20 16:57:00 UTC
HackRead
Beware of Fake Windows 11 Downloads Distributing Vidar Malware

By Waqas

Phishing domains are spreading Windows 11 installers loaded with Vidar infostealer. According to the cybersecurity firm Zscaler ThreatLabz,…

News Fraud Malware Microsoft Phishing Scam Security Vidar Windows 11
2022-05-20 16:37:00 UTC
Dark Reading
Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication

Two of Microsoft's Patch Tuesday updates need a do-over after causing certificate-based authentication errors.

2022-05-20 14:56:00 UTC
The Daily Swig
WordPress theme Jupiter patches critical privilege escalation flaw

Users urged to update systems amid reports of active exploitation

2022-05-20 14:03:00 UTC
Naked Security | Sophos
US Government says: Patch VMware right now, or get off our network

Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.

Vulnerability CVE-2022-22972 CVE-2022-22973 Federal Government MTR VMware
2022-05-20 14:00:00 UTC
Dark Reading
Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap

To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.

2022-05-20 13:29:00 UTC
The Daily Swig
Widespread Swagger-UI library vulnerability leads to DOM XSS attacks

Dozens of bugs reported with a backlog containing hundreds more

2022-05-20 12:42:00 UTC
ThreatPost
Closing the Gap Between Application Security and Observability

Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell. 

InfoSec Insider
2022-05-20 12:23:00 UTC
Dark Reading
New Open Source Project Brings Consistent Identity Access to Multicloud

Hexa and IDQL allow organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.

2022-05-20 11:21:00 UTC
The Daily Swig
Revisions to US Computer Fraud and Abuse Act will not prosecute ‘good-faith’ security research

DoJ makes long-anticipated changes to established computer crime laws

2022-05-20 11:21:00 UTC
The Daily Swig
US revises policy regarding Computer Fraud and Abuse Act, will not prosecute good faith research

DoJ makes long-anticipated changes to policy