New hacking forum exposes RaidForums member data
SiliconAngle reports that disrupted hacking site RaidForums had its member database including information from 478,870 members leaked on the new Exposed hacking forum, which is claimed to be owned and administered by the threat actor dubbed as 'Impotent.'
CAPTCHA-breaking services gaining traction
More threat actors have been leveraging illicit services aimed at bypassing CAPTCHA checks, according to The Hacker News.
Universal 2FA implemented for PyPI project maintainers
All Python Package Index project maintainers have been required to adopt two-factor authentication by the end of the year in a bid to better prevent account takeover attacks, reports SecurityWeek.
Over 8.9M impacted by MCNA Dental ransomware attack
Over 8.9M impacted by MCNA Dental ransomware attack Major government-sponsored dental insurance provider Managed Care of North America Dental has disclosed being impacted by a cyberattack compromising personal and health information from more than 8.92 million individuals, including patients,...
The most overhyped identity trends, according to cybersecurity investors
Identiverse panelists cite identity solutions and concepts whose short-term trajectories might not live up to the buzz surrounding them.
New vulnerability gives macOS users a ‘Migraine’
The vulnerability dubbed "Migraine" by Microsoft researchers could let attackers automatically bypass system integrity protection in the macOS. Apple patched the bug on May 18.
Guardrails on AI tools like ChatGPT needed to protect secrets, CISOs say
Identiverse panelists offer tips for developing policies around how employees can safely leverage artificial intelligence tools like ChatGPT.
Armenia targeted with Pegasus spyware
Officials, journalists, and activists across Armenia were reported by Access Now, Citizen Lab, Amnesty International, CyberHUB-AM, and independent researcher Ruben Muradyan to have been targeted in at least 12 instances with the NSO Group's Pegasus spyware, Reuters reports.
Predator spyware examined
Intellexa's commercial Predator spyware, which has been used in surveillance operations targeted at European politicians, Meta executives, and journalists, has been deploying its Alien loader to the 'zygote64' Android process to enable more spyware components, according to BleepingComputer.
Offensive, defensive cybersecurity to be consolidated by US Army
DefenseScoop reports that both offensive and defensive cybersecurity portfolios of the U.S. Army will be consolidated.
US diplomacy to take significant hit should intelligence authorities renewal fail
U.S. Assistant Secretary for State Intelligence and Research Brett Holmgren has warned that Congress' failure to reauthorize a surveillance program under Section 702 of the Foreign Intelligence Surveillance Act before its expiry by yearend would take a significant toll...
New IARPA initiative seeks to evaluate cyber psychology in fight against hackers
CyberScoop reports that the Intelligence Advanced Research Projects Activity has launched the new Reimagining Security with Cyberpsychology-Informed Network Defenses project, also known as ReSCIND, which seeks to lead to the development of new software exploiting the psychological weaknesses...
Barracuda zero-day bug analysis finds new payloads, no attribution
Data was exfiltrated using bug in the company’s email security gateway appliances that was exploited since October 2022.
More states passing data privacy legislation
Montana has become the latest state to approve legislation aimed at strengthening data privacy protections, joining eight other states that have passed data privacy laws, even as such a measure continues to elude progress at the federal level, according...
New phishing campaign exploits .ZIP domain
Attackers have been leveraging the new "file archive in the browser" phishing technique that enables the creation of realistic phishing pages masquerading as legitimate file archive software, with hosting on a .ZIP domain further establishing the legitimacy of the...
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
Feds, you’ll need a warrant for that cellphone border search
Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?
height="315" class="aligncenter size-full wp-image-292324" />
ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"?
All this and...
Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls
Enlarge (credit: Getty Images)
Firewalls made by Zyxel are being wrangled into a destructive botnet, which is taking control of them by exploiting a recently patched vulnerability with a severity...
AI-expanded album cover artworks go viral thanks to Photoshop’s Generative Fill
Enlarge / An AI-expanded version of a famous album cover involving four lads and a certain road created using Adobe Generative Fill. (credit: Capitol Records / Adobe / Dobrokotov)
Over...
