Native American Indian & Service-Disabled Veteran Owned Business
KayDev Tech
  • Home
  • About Us
  • Partners & Clients
  • Product
  • NAICS Codes
  • Services
  • News and Events
  • Contact
Menu
  • Home
  • About Us
  • Partners & Clients
  • Product
  • NAICS Codes
  • Services
  • News and Events
  • Contact

Who We Are

  • Who We Are
  • Who We Are
Contact Us

Recent Posts

  • Careers

Categories

  • Uncategorized

Archives

  • May 2019

RSS Cybersecurity

  • Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API January 2, 2025
    Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability […]
  • Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them January 2, 2025
    In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS
  • Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT January 2, 2025
    Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems. The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a […]
  • Three Russian-German Nationals Charged with Espionage for Russian Secret Service January 2, 2025
    German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with […]
  • New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites January 1, 2025
    Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. "Instead of relying on a single click, it takes advantage of a double-click sequence," Yibelo said.
  • Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics January 1, 2025
    The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main […]
  • New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy December 31, 2024
    The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a crucial step forward in addressing the […]
  • Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents December 31, 2024
    The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents.  "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to […]
  • Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation December 31, 2024
    Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. "Exploiting these flaws could allow attackers to gain persistent access as shadow administrators
  • New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits December 30, 2024
    The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader […]
© 2019 KayDev Technology. All Rights Reserved. Design & SEO By Miss Tweak IT