Trending Now
LATEST
S3 Ep96: Zoom 0-day, AEPIC leak, Conti reward, heathcare security
Chester attends DEF CON from afar. Zoom fixes an 0-day. An APIC leak that isn't EPIC. $10m for dobbing in Conti criminals. Cybersecurity in hospitals. Ransomware in triplicate.
https://nakedsecurity.sophos.com/zoom-for-mac-patches-get-root-bug
https://nakedsecurity.sophos.com/apic-epic-intel-chips-leak-secrets
https://nakedsecurity.sophos.com/us-offers-reward-up-to-10-million
https://pubmed.ncbi.nlm.nih.gov/31506956/
https://news.sophos.com/en-us/multiple-attackers-increase-pressure
With Doug Aamoth and Paul Ducklin
Original music by Edith Mudge (https://www.edithmudge.com)
Got questions/suggestions/stories...
Apple patches double zero-day in browser and kernel – update now!
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Google, Apple squash exploitable browser bugs
Chrome flaw has public exploit, WebKit hole actively abused along with kernel escalation Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild.…
Update Chrome now to patch actively exploited zero-day
Enlarge / It's a good time to restart or update Chrome—if your tabs love you, they'll come back. (credit: Getty Images)
Google announced an update on Wednesday to the Stable...
Cyber incidents and lessons from Russia's hybrid war. Zimbra vulnerabilities exploited. New Lazarus Group activity reported. ICS security advisories .Insider trading charges from 2017 Equifax breach.
A DDoS attack against a Ukrainian nuclear power provider. The US Army draws some lessons from the cyber phases of Russia's hybrid war. Vulnerabilities in Zimbra are undergoing widespread exploitation.Reports of...
BSW #273 – Jess Burn
In 1995, Craig Newmark started curating a list of San Francisco arts and technology events, which he personally emailed to friends and colleagues. People were soon calling it “Craig’s List.” Most know the rest of the story. But what...
ASW #208 – Tanya Janca
Let's talk about adding security tools to a CI/CD, the difference between "perfect" and "good" appsec, and my upcoming book. Segment Resources: https://community.wehackpurple.com #CyberMentoringMonday on Twitter Microsoft fixes an old bounty from 2019, rewards almost $14M on bounties in...
Software developer cracks Hyundai car encryption with Google search
Top tip: Your RSA private key should not be copied from a public code tutorial A developer says he was able to run his own software on his car infotainment hardware after discovering the vehicle's manufacturer had secured its...
New Deep Instinct partner program targets MSSPs fighting ransomware
Cybersecurity firm Deep Instinct has rolled out a new partner program to provide its endpoint and application protection software to managed security service providers (MSSPs), the company announced Wednesday.The Stratosphere program was initially announced in April, and designed as...
Universal database of device vulnerability information launched
A universal database of agentless devices currently being used on enterprise networks has been announced by DeviceTotal. The new repository allows the company's customers to identify the accurate security posture for each device in their organization, according to the...
iOS 15.6.1—Update Now Warning Issued To All iPhone Users
Apple has released iOS 15.6.1, along with a warning to update now, because it fixes two security holes already being used to attack iPhones.
Google Chrome Zero-Day Found Exploited in the Wild
The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.
Apple Patches New macOS, iOS Zero-Days
Apple on Wednesday rolled out emergency patches for a pair of already exploited zero-day vulnerabilities in its flagship macOS and iOS platforms.
Apple confirmed in-the-wild exploitation of the vulnerabilities in separate advisories warning about code execution flaws in fully patched...
After 7 years, long-term threat DarkTortilla crypter is still evolving
.NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says A highly pervasive .NET-based crypter that has flown under the radar since about 2015 and can deliver a wide range of malicious payloads continues to...
'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections
The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip.
Google fixed a new Chrome Zero-Day actively exploited in the wild
Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year.
Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including an actively exploited high-severity...
When Countries Are Attacked: Making the Case for More Private-Public Cooperation
The increased sophistication of cyberattacks makes them more widely damaging and difficult to prevent.
News & Analysis | NO. 344
Blackhat/DEFCON, TikTok Lockdown, MailChimp Breach…
Sponsor: JupiterOne https://www.jupiterone.com/unsupervisedlearning
Support the show: https://danielmiessler.com/support/See omnystudio.com/listener for privacy information.
How to stop the evil lurking in the shadows
Webinar Barely a day goes by without news of a ransomware attack somewhere in the media. And these types of cyber security incident can seriously derail financial, social, health and industrial activity, inflicting massive damage and requiring a...
Seaborgium targets sensitive industries in several countries
The cyberespionage threat actor is aligned with Russian interests and has hit numerous organizations since 2017, aiming at stealing sensitive data.
The post Seaborgium targets sensitive industries in several countries appeared first on TechRepublic.
'Operation Sugarush' Mounts Concerning Spy Effort on Shipping, Healthcare Industries
A suspected Iranian threat actor known as UNC3890 is gathering intel that could be used for kinetic strikes against global shipping targets.
iOS VPNs have leaked traffic for more than 2 years, researcher claims
Enlarge (credit: Getty Images)
A security researcher says that Apple's iOS devices don't fully route all network traffic through VPNs, a potential security issue the device maker has known about...
CISA Warns of Hackers Exploiting Multiple Vulnerabilities in the Zimbra Collaboration Suite
The advisory was compiled by CISA with the Multi-State Information Sharing & Analysis Center
China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure
The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say.
Healthcare Breaches Costliest for 12 Years Running, Hit New $10.1M Record High
IBM Security and the Ponemon institute release an annual report known as one the most significant industry benchmarks. The Cost of a Data Breach analysis examines real-world breaches in great detail, producing insights into the factors that impact the...
LEADERS
Zoom Exploit on MacOS
This vulnerability was reported to Zoom last December:
The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer....
When Efforts to Contain a Data Breach Backfire
Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was...
Remotely Controlling Touchscreens
This is more of a demonstration than a real-world vulnerability, but researchers can use electromagnetic interference to remotely control touchscreens.
From a news article:
It’s important to note that the attack has a few key limitations. Firstly, the hackers need to...
$23 Million YouTube Royalties Scam
Scammers were able to convince YouTube that other peoples’ music was their own. They successfully stole $23 million before they were caught.
No one knows how common this scam is, and how much money total is being stolen in this...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I’m speaking as part of a Geneva Centre for Security Policy course on Cyber Security in the Context of International Security, online, on September 22, 2022.
I’m...
