Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Here we are again…. At least wasn’t directly them.

With the surge in remote work and virtual meetings, video communication is crucial for businesses and individuals. However, this convenience comes with significant cyber risks that can compromise sensitive information and privacy. Therefore, this article explores the common cyber threats in video communication and provides strategies to mitigate them.

Traditional security measures often fall short of measuring the dynamic modern-day threats. This is where red teaming comes in, a powerful approach that simulates real-world attacks to identify and address security gaps before they can be exploited. Standard red teaming tools are crucial in mimicking real attackers’ actions and uncovering vulnerabilities.

After our recent successes exploring WebSocket Hijacking vulnerabilities, we decided to expand this research project into other attacks that involve WebSockets. We started by looking at WebSocket smuggling attacks and expanded our scope to include HTTP response header injection attacks and potential novel impacts.

Imagine that you have a snack you want to eat while watching a movie on a Friday night. You look in your kitchen, only to find the snack missing. Whether a roommate hid the snack or ate it, you no longer have access to it, disrupting your evening plans. This destructive behavior interrupts your weekend objectives, but it’s pretty low stakes overall.

Veracode Scan for VS Code was one of the big hits on the expo floor at the RSA Security conference in May this year. People liked the integration of Veracode Static, Veracode SCA, and Veracode Fix into a single extension, giving developers the tools to scan their code and resolve problems with AI assistance while they are actively developing code.

AI promises many advantages when it comes to application development. But it’s also giving threat actors plenty of advantages, too. It’s always important to remember that AI models can produce a lot of garbage that is really convincing—and so can attackers. “Dark” AI models can be used to purposely write malicious code, but in this blog, we’ll discuss three other distinct ways using AI models can lead to attacks.

Qilin (also known as Agenda) is a ransomware-as-a-service criminal operation that works with affiliates, encrypting and exfiltrating the data of hacked organisations and then demanding a ransom be paid.

It’s that time again — for a brand new major release. Our team releases major versions of Teleport every 4 months. Here we introduce Teleport 16. This post goes into detail about Teleport 16 breaking changes, bug fixes and improvements. In Teleport 16, we focused on new features and enhancements to enable our customers to implement mitigations to protect against an IdP Compromise.

When it comes to SaaS operation, the ability to respond swiftly to technical glitches and potential failures can mean the difference between a minor hiccup and a full-blown crisis. At Cyberint, we’re always on the lookout for out-of-the-box solutions to enhance our operational efficiency and ensure the highest level of service reliability.