Trending Now
LATEST
GitHub says hackers cloned code-signing certificates in breached repository
Enlarge
GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom.
Code-signing certificates place...
QNAP addresses a critical flaw impacting its NAS devices
Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices.
QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
Chromebook SH1MMER exploit promises admin jailbreak
Schools' laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.…
MusicLM: Google AI generates music in various genres at 24 kHz
Enlarge / An AI-generated image of an exploding ball of music. (credit: Ars Technica)
On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine
The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.
Criminal evolutions, disgruntled insiders, and gangsta wannabes. New wiper attacks hit Ukrainian targets, with less effect than the first rounds early last year. And support your local hacktivist?
Gootloader's evolution. Yandex source code leaked (and Yandex blames a rogue insider). New GRU wiper malware is active against Ukraine. Latvia reports cyberattacks by Gamaredon. Russia and the US trade accusations...
Cybercrime Ecosystem Spawns Lucrative Underground Gig Economy
The complex nature of cyberattacks has increased demand for software developers, reverse engineers, and offensive specialists — attracting workers facing financial insecurity.
The wages of sin aren’t that great if you’re a developer choosing the dark side
Salary report shows OKish pay, plus the possibility of getting ripped off and the whole prison thing Malware developers and penetration testers are in high demand across dark web job posting sites, with a few astonishing - but mostly...
10M JD Sports Customers' Info Exposed in Data Breach
UK sportswear retailer asks exposed customers to stay "vigilant" against phishing attempts following cyberattack.
IT and Security Professionals Spend an Average of 4,300 Hours Annually Achieving or Maintaining Compliance
New research from Drata shows compliance remains a business challenge for many organizations.
Make Developers the Driver of Software Security Excellence
Those who are wrangling code every day could fuel a genuinely transformational approach to security — if they are adequately upskilled.
Gootloader malware updated with PowerShell, sneaky JavaScript
Perhaps a good time to check for unwelcome visitors The operators behind Gootloader, a crew dubbed UNC2565, have upgraded the code in cunning ways to make it more intrusive and harder to find.…
Facebook Bug Allows 2FA Bypass Via Instagram
The Instagram rate-limiting bug, found by a rookie hunter, could be exploited to bypass Facebook 2FA in vulnerable apps, researcher reports.
BrandPost: What’s Next in Securing Healthcare
Over the last decade, healthcare has offered new lines of services such as telehealth and remote patient monitoring, expanded accessibility and ease for both patients and healthcare professionals, and supported innovations that measurably improve patient outcomes. It’s a profound...
RCR 107: Conduct Security Control Testing (CISSP Domain 6)
Description: Shon Gerber from CISSPCyberTraining.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career....
JD Sports Confirms Breach Affected 10 Million Customers
The cyber-attack hit the company between November 2018 and October 2020
Serious Security: The Samba logon bug caused by outdated crypto
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
Fake Texts From the Boss, Bogus Job Postings and Frankenstein Shoppers — Oh My!
Experian’s annual Future of Fraud Forecast highlights five fraud threats facing businesses and consumers in 2023.
Massive Yandex code leak reveals Russian search engine’s ranking factors
Enlarge / The Russian logo of Yandex, the country's largest search engine and a tech company with many divisions, inside the company's headquarters. (credit: SOPA Images / Getty Images)
Nearly...
Convincing, Malicious Google Ads Look to Lift Password Manager Logins
Users searching for Bitwarden and 1Password's Web vaults on Google have recently reported seeing paid ads with links to cleverly spoofed sites for stealing credentials to their password vaults.
Get nine ethical hacking courses for just $30
Learn some of today's most popular attacks and how to mitigate them with The All-in-One Ethical Hacking & Penetration Testing Bundle.
The post Get nine ethical hacking courses for just $30 appeared first on TechRepublic.
Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware
Threat actors used TrickGate to conduct between 40 and 650 attacks per week in the last two years
LEADERS
Latvia says Russian hackers tried to phish its Ministry of Defence
The Kremlin-backed Gamaredon hacking group is being blamed for an attempted phishing attack against the Latvian Ministry of Defence.
Read more in my article on the Hot for Security blog.
If a locked filing cabinet is stolen along with its key, can you say it’s still locked? GoTo thinks you can
GoTo says that hackers stole its customers' "encrypted backups." But they also say the hackers stole the decryption keys.
To say the backups were encrypted is a bit like trying to argue that a locked box is locked, if the...
Hackers steal 10 million customer details from JD Sports
If you've purchased trainers from sports fashion retailer JD Sports in the past, your personal details could now be in the hands of hackers.
Read more in my article on the Hot for Security blog.
NIST Is Updating Its Cybersecurity Framework
NIST is planning a significant update of its Cybersecurity Framework. At this point, it’s asking for feedback and comments to its concept paper.
Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)?
Are the proposed changes sufficient...
Weekly Update 332
Presently sponsored by: CrowdSec - Gain crowd-sourced protection against malicious IPs and benefit from the most accurate CTI in the world. Get started for free.Breaches all over the place today! Well, this past week, and there's some debate as...
