Thursday, June 1, 2023
The Register

Ukraine war blurs lines between cyber-crims and state-sponsored attackers

This RomCom is no laughing matter. A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
SC Magazine

We need to refine and secure AI, not turn our backs on the technology 

While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs. Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
The Register

Feds, you’ll need a warrant for that cellphone border search

Here's a story with a twist. A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Graham Cluley

Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?

ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"? All this and...

Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls

Firewalls made by Zyxel are being wrangled into a destructive botnet, which is taking control of them by exploiting a recently patched vulnerability with a severity...

AI-expanded album cover artworks go viral thanks to Photoshop’s Generative Fill

An AI-expanded version of a famous album cover involving four lads and a certain road created using Adobe Generative Fill. (credit: Capitol Records / Adobe / Dobrokotov) Over...
TechRepublic

8 best practices for securing your Mac from hackers in 2023

Best practices for securing your Mac against potential hacks and security vulnerabilities include enabling the firewall, using strong passwords and encryption, and enabling Lockdown Mode.

Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers

The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.
SC Magazine

New hacking forum exposes RaidForums member data

SiliconAngle reports that disrupted hacking site RaidForums had its member database including information from 478,870 members leaked on the new Exposed hacking forum, which is claimed to be owned and administered by the threat actor dubbed as 'Impotent.'
SC Magazine

CAPTCHA-breaking services gaining traction

More threat actors have been leveraging illicit services aimed at bypassing CAPTCHA checks, according to The Hacker News.
SC Magazine

Universal 2FA implemented for PyPI project maintainers

All Python Package Index project maintainers have been required to adopt two-factor authentication by the end of the year in a bid to better prevent account takeover attacks, reports SecurityWeek.
SC Magazine

Over 8.9M impacted by MCNA Dental ransomware attack

Major government-sponsored dental insurance provider Managed Care of North America Dental has disclosed being impacted by a cyberattack compromising personal and health information from more than 8.92 million individuals, including patients,...

Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model

Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication?

MacOS 'Migraine' Bug: Big Headache for Device System Integrity

Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware.
SC Magazine

The most overhyped identity trends, according to cybersecurity investors

Identiverse panelists cite identity solutions and concepts whose short-term trajectories might not live up to the buzz surrounding them.

Ways to Help Cybersecurity's Essential Workers Avoid Burnout

To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment.

BrandPost: Cybercriminals are abusing security tools—here’s how we’re stopping them

By Microsoft Security. Cybercriminals are constantly looking for novel ways to evade detection and enact harm. Outdated copies of common security tools have become one avenue. Microsoft, cybersecurity software company Fortra™ and the Health Information Sharing and Analysis Center (Health-ISAC)...
F5 Networks

K000133759 : Python vulnerability CVE-2020-26116

Security Advisory Description: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP ...
F5 Networks

K48187630 : Multiple grub2 vulnerabilities

Security Advisory Description: CVE-2020-14308: In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads ...
Apple

Apple Zeed ALL YOUR STYLE CMS 2.0 SQL Injection

Apple Zeed ALL YOUR STYLE CMS version 2.0 suffers from a remote SQL injection vulnerability.
Have I Been Pwned

RaidForums – 478,604 breached accounts

In May 2023, 478k user records from the now defunct hacking forum known as "RaidForums" were posted to another hacking forum. The data dated back to September 2020 and included email addresses, usernames, dates of birth, IP addresses and...
Have I Been Pwned

Polish Credentials – 1,204,870 breached accounts

In May 2023, a credential stuffing list of 6.3M Polish email address and password pairs appeared on a local forum. Likely obtained by malware running on victims' machines, each record included an email address and plain text password alongside...