Trending Now
LATEST
Ukraine war blurs lines between cyber-crims and state-sponsored attackers
This RomCom is no laughing matter A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
We need to refine and secure AI, not turn our backs on the technology
While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
ISC StormCast for Thursday, June 1st, 2023
Apache NiFi Attacks https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900 Gigabyte App Center Backdoor; https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/ Salesforce
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
Feds, you’ll need a warrant for that cellphone border search
Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?
height="315" class="aligncenter size-full wp-image-292324" />
ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"?
All this and...
.ZIP domains, AI lies, and did social media inflame a riot?
ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"?All this and much much more is...
Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls
Enlarge (credit: Getty Images)
Firewalls made by Zyxel are being wrangled into a destructive botnet, which is taking control of them by exploiting a recently patched vulnerability with a severity...
AI-expanded album cover artworks go viral thanks to Photoshop’s Generative Fill
Enlarge / An AI-expanded version of a famous album cover involving four lads and a certain road created using Adobe Generative Fill. (credit: Capitol Records / Adobe / Dobrokotov)
Over...
8 best practices for securing your Mac from hackers in 2023
Best practices for securing your Mac against potential hacks and security vulnerabilities include enabling the firewall, using strong passwords and encryption, and enabling Lockdown Mode.
The post 8 best practices for securing your Mac from hackers in 2023 appeared first...
Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers
The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.
New hacking forum exposes RaidForums member data
SiliconAngle reports that disrupted hacking site RaidForums had its member database including information from 478,870 members leaked on the new Exposed hacking forum, which is claimed to be owned and administered by the threat actor dubbed as 'Impotent.'
CAPTCHA-breaking services gaining traction
More threat actors have been leveraging illicit services aimed at bypassing CAPTCHA checks, according to The Hacker News.
Universal 2FA implemented for PyPI project maintainers
All Python Package Index project maintainers have been required to adopt two-factor authentication by the end of the year in a bid to better prevent account takeover attacks, reports SecurityWeek.
Over 8.9M impacted by MCNA Dental ransomware attack
Over 8.9M impacted by MCNA Dental ransomware attack Major government-sponsored dental insurance provider Managed Care of North America Dental has disclosed being impacted by a cyberattack compromising personal and health information from more than 8.92 million individuals, including patients,...
Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model
Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication?
Two RAT infestations. Ghosts of sites past. Trends in identity security. Detecting deepfakes may prove more difficult than you think.
SeroXen is a new elusive evolution of the Quasar RAT that seems to live up to its hype, and DogeRAT is a cheap Trojan targeting Indian Android users. Salesforce ghost sites...
MacOS 'Migraine' Bug: Big Headache for Device System Integrity
Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware.
The most overhyped identity trends, according to cybersecurity investors
Identiverse panelists cite identity solutions and concepts whose short-term trajectories might not live up to the buzz surrounding them.
Ways to Help Cybersecurity's Essential Workers Avoid Burnout
To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment.
BrandPost: Cybercriminals are abusing security tools—here’s how we’re stopping them
By Microsoft SecurityCybercriminals are constantly looking for novel ways to evade detection and enact harm. Outdated copies of common security tools have become one avenue. Microsoft, cybersecurity software company Fortra™ and the Health Information Sharing and Analysis Center (Health-ISAC)...
Machine Learning Applications in the Cybersecurity Space
Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques.
Machine learning techniques extract information...
What Apple's RSRs Reveal About Mac Patch Management
Apple's Rapid Security Response updates are designed to patch critical security vulnerabilities, but how much good can they do when patching is a weeks-long process?
LEADERS
Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?
height="315" class="aligncenter size-full wp-image-292324" />
ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"?
All this and...
Hacking forum hacked, user database leaked online
RaidForums, the notorious hacking and data leak forum seized and shut down by the authorities back in April 2022, is - perhaps surprisingly - at the centre of another cybersecurity breach.
Chinese Hacking of US Critical Infrastructure
Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure.
Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.
SAS Airlines hit by $3 million ransom demand following DDoS attacks
Scandinavian Airlines (SAS) has received a US $3 million ransom demand following a prolonged campaign of distributed denial-of-service (DDoS) attacks against its online services.
Read more in my article on the Hot for Security blog.
Venezuela pays people to tweet state propaganda and deepfake videos
The BBC reports that the Venezuelan government is paying people to tweet in support of it, in an attempt to drown out the noise of its critics.
