Trending Now
LATEST
Popunders are not the good kind of ads. [Research Saturday]
On this episode, Jérôme Segura, senior threat researcher at Malwarebytes, shares his team's work, "WordPress sites backdoored with ad fraud plugin." WordPress is an immensely popular content management system (CMS) powering...
Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability.
Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal...
OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident
OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week.
The glitch, which came to light on...
US Charges 20-Year-Old Head of Hacker Site BreachForums
The US Justice Department charged Conor Brian Fitzpatrick, founder of BreachForums, a major underground website for computer hackers.
The post US Charges 20-Year-Old Head of Hacker Site BreachForums appeared first on SecurityWeek.
Dish customers struggle with service disruptions weeks after ransomware attack
Customers complain that they are still having payment issues and are not able to contact customer service weeks after Dish Network suffered a ransomware attack.
CISA announced the Pre-Ransomware Notifications initiative
The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs.
The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of...
DevSecOps puts security in the software cycle
Addressing cybersecurity can be a challenge when the focus is on speed in software development and production life cycles.
The post DevSecOps puts security in the software cycle appeared first on TechRepublic.
CyberSecure Announces Strategic Alliance
The joint partnership represents expanded market opportunities.
Even after armed with defense tools, CISOs say successful cyberattacks are ‘inevitable’: New study
Cisco’s just-released 2023 Cybersecurity Index shows companies will invest more in security, but the solution may be a larger tent, not more umbrellas.
The post Even after armed with defense tools, CISOs say successful cyberattacks are ‘inevitable’: New study appeared...
Friday Squid Blogging: Creating Batteries Out of Squid Cells
This is fascinating:
“When a squid ends up chipping what’s called its ring tooth, which is the nail underneath its tentacle, it needs to regrow that tooth very rapidly, otherwise it can’t claw its prey,” he explains.
This was intriguing news...
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest
In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.
Tools, alerts, and advisories from CISA. Reply phishing scams. Cl0p goes everywhere with GoAnywhere. EW in the hybrid war, and shields stay up.
A CISA tool helps secure Microsoft clouds.JCDC and pre-ransomware notification. CISA releases six ICS advisories. Reply phishing. Cl0p goes everywhere exploiting GoAnywhere. Russian electronic warfare units show the ability to locate...
GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository
GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.
Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month
A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.
ChatGPT gets “eyes and ears” with plugins that can interface AI with the world
Enlarge (credit: Aurich Lawson | Getty Images)
On Thursday, OpenAI announced a plugin system for its ChatGPT AI assistant. The plugins give ChatGPT the ability to interact with the wider...
CISA unleashes Untitled Goose Tool to honk at danger in Microsoft’s cloud
Not a headline we expected to write today American cybersecurity officials have released an early-warning system to protect Microsoft cloud users.…
A Hacker’s Mind News
My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. It’s been spied in airports.
Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now.
You can...
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
Reverse-engineering reveals close similarities to BlackMatter ransomware, with some improvements
Critical flaw in WooCommerce can be used to compromise WordPress websites
WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers...
ESW #310 – Shamim Naqvi, Grace Burkard
SafeLiShare delivers tamperproof security from inside out across clouds and eliminate algorithmic complexity attacks and reverse never-ending cycles of defense using policy controlled Confidential Computing with secure enclave technology. Segment Resources: Presentation - https://1drv.ms/p/s!AqqNWej5CK8uhEoIZW5MUxMTQLJU Blog - https://safelishare.com/blog/defining-confidential-computing/ Video -...
Malicious ChatGPT Extensions Add to Google Chrome Woes
The second malicious ChatGPT extension for Chrome has been discovered, giving malicious actors access to users' Facebook accounts through stolen cookies.
Patch released for critical vulnerability in WooCommerce Payments plug-in
WooCommerce Payments runs on more than 6 million websites, so security teams that use the platform need to patch immediately or risk unauthenticated administrative takeover of their websites.
SWN #283 – TikTok, GitHub, CISA, More CISA, a Little More CISA, Netgear, & DoKwon
This week Dr. Doug talks: TikTok, Github, CISA and More CISA, Netgear, Do Kwon and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on...
Huge collection of vintage Apple computers goes to auction next week
Enlarge / I mostly recognize this early laptop from its resemblance to a similar-looking computer in the film 2010. It's up for auction along with hundreds of other old Apple computers....
WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!
Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.
LEADERS
Friday Squid Blogging: Creating Batteries Out of Squid Cells
This is fascinating:
“When a squid ends up chipping what’s called its ring tooth, which is the nail underneath its tentacle, it needs to regrow that tooth very rapidly, otherwise it can’t claw its prey,” he explains.
This was intriguing news...
A Hacker’s Mind News
My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. It’s been spied in airports.
Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now.
You can...
Exploding USB Sticks
In case you don’t have enough to worry about, people are hiding explosives—actual ones—in USB sticks:
In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded...
Danger USB! Journalists sent exploding flash drives
If you were sent a USB stick anonymously through the post, would you plug it into your computer?
Perhaps you'll think twice when you hear what happened to these Ecuadorian journalists.
Read more in my article on the Hot for Security...
Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks
A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over a period of almost two years, has identified that ransomware has become the prominent threat.
Read more in my article...
