95 Articles
9 Categories
Date: 2023-08-14

🐛 COMMON VULNERABILITIES AND EXPOSURES (2)

14 Aug - Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability (THEHACKERNEWS.COM)
E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Mag…

14 Aug - Microsoft enables Windows Kernel CVE-2023-32019 fix for everyone (BLEEPINGCOMPUTER.COM)
Microsoft has enabled a fix for a Kernel information disclosure vulnerability by default for everyone after previously disabling it out of concerns it could introduce breaking changes to Windows. [...]

⚠️ VULNERABILITY DISCLOSURE (23)

14 Aug - TunnelCrack Attack May Cause Vulnerable VPNs to Leak Traffic (THEREGISTER.COM)
A couple of techniques collectively known as TunnelCrack can, in the right circumstances, be used by snoops to force victims' network traffic to go outside their encrypted VPNs, it was demonstrated last week.

14 Aug - Dependency Confusion Attacks: New Research Into Which Businesses are At Risk (TECHREPUBLIC.COM)
Dependency confusion attacks, involving malicious code injection into applications through vulnerable dependencies, pose a significant security risk to organizations, with a high percentage of applications and assets being vulnerable to such attacks.

14 Aug - White House Wants Input on Open Source Security, Memory-Safe Languages (CYBERSECURITYDIVE.COM)
The White House ONCD released a request for information to get input from public and private sector stakeholders on key issues surrounding open-source security, a critical piece of the Biden administration’s national cybersecurity strategy.

14 Aug - New Python URL Parsing Flaw Could Enable Command Execution Attacks (THEHACKERNEWS.COM)
A high-severity security flaw disclosed in the Python URL parsing function could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, resulting in arbitrary file reads and command execution.

14 Aug - Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping (THEHACKERNEWS.COM)
Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could be potentially exploited by a malicious attacker to conduct remote attacks.

14 Aug - Update: UK Electoral Commission had Unpatched Vulnerability on Server (THEREGISTER.COM)
Last week, the election oversight body disclosed that its systems had been broken into, and the attackers had access to the servers that host the organization's email, as well as copies of the electoral registers for the entire UK.

14 Aug - Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles (SECURITYWEEK.COM)
Ford says a critical vulnerability in the TI Wi-Fi driver of the SYNC 3 infotainment system on certain vehicle models does not pose a safety risk.

14 Aug - Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking (SECURITYWEEK.COM)
Several vulnerabilities discovered in Iagona ScrutisWeb ATM fleet monitoring software could be exploited to remotely hack ATMs.

14 Aug - Ford Cars WiFi Vulnerability Let Attackers Execute Remote Code (GBHACKERS.COM)
Ford recently identified a buffer overflow flaw in the Wi-Fi driver used by it in the SYNC 3 infotainment system. After the discovery, Ford quickly alerted about this flaw and disclosed the vulnerability publicly. Car hijacking by hackers exploiting various functions of the car i…

14 Aug - Power Management Product Flaws Can Expose Data Centers to Damaging Attacks, Spying (SECURITYWEEK.COM)
Vulnerabilities in CyberPower and Dataprobe power management products could be exploited in data center attacks, including to cause damage and for spying.

14 Aug - Millions of Americans’ health data stolen after MOVEit hackers targeted IBM (TECHCRUNCH.COM)
Millions of Americans had their sensitive medical and health information stolen after hackers exploiting a zero-day vulnerability in the widely used MOVEit file transfer software raided systems operated by tech giant IBM. Colorado’s Department of Health Care Policy and Fina…

14 Aug - Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking (SECURITYWEEK.COM)
Several vulnerabilities in the ScrutisWeb ATM could be exploited to remotely hack ATMs. The security holes were discovered by Synack Red Team members and they were patched by the vendor in July 2023 with the release of ScrutisWeb version 2.1.38.

14 Aug - Gootloader Malware Uses Social Engineering to Target Law Firms (or their Clients) (KNOWBE4.COM)
Law firms are being targeted by a large number of social engineering attacks involving the Gootloader malware delivery tool, according to researchers at Trustwave.

14 Aug - Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles (SECURITYWEEK.COM)
The issue is described as a buffer overflow that could lead to remote code execution. An attacker within the wireless range of an impacted device can trigger the flaw using a specially crafted frame.

14 Aug - Secureworks Lays Off Another 322 Staffers to Improve Margins (DATABREACHTODAY.CO.UK)
Second Round of Layoffs Comes 6 Months After Secureworks Eliminated 9% of Employees. Secureworks has executed its second round of layoffs since February, axing 15% of its workforce as the company pursues high-growth products and improved operating margins. The company will reduce …

14 Aug - SecureWorks layoffs affect 15% staff (TECHCRUNCH.COM)
SecureWorks said Monday it will let go of 15% of its workforce, the cybersecurity company’s second round of layoffs this year. In a regulatory filing, SecureWorks said that it would incur about $14.2 million in expenses due to the layoffs, mostly related to employee termina…

14 Aug - Beware of Clickbait PDF Phishing Attacks Lurking in Search Results (KNOWBE4.COM)
We previously reported independently on PDF-based phishing attacks skyrocketing and the rise of SEO attacks. A recent research study found that the combination of both is quite common. Most worryingly, PDF-based SEO attacks are poorly detected by common defense mechanisms such a…

14 Aug - All New Have I Been Pwned Domain Search APIs and Splunk Integration (TROYHUNT.COM)
I've been teaching my 13-year old son Ari how to code since I first got him started on Scratch many years ago, and…

14 Aug - Cumbria Police accidentally publish officers’ names and salaries online (BITDEFENDER.COM)
'Ello ello ello. What's all this then? Just days after it was learned that the police had exposed the details of their 10,000 staff in Northern Ireland, another force has admitted to an embarrassing breach of sensitive data. Read more in my article on the Hot for Security blog.

14 Aug - How to hack casino card-shuffling machines (BITDEFENDER.COM)
Security researchers have demonstrated how they were able to exploit a flaw which allowed them to hack the card-shuffling devices used in casinos and poker rooms. Read more in my article on the Hot for Security blog.

14 Aug - Effectively upskilling cybersecurity professionals to help close the skills gap (CSOONLINE.COM)
Globally, there are more cyberthreats than ever and a surge in attacks on operational technology (OT), including the proliferation of new ransomware variations and the ascent of Malware-as-a-Service (MaaS). These developments have caused many firms to place a higher premium on …

14 Aug - 10 passwordless authentication solutions (CSOONLINE.COM)
Passwords have long been the standard for authentication in computing systems, but they have been proven weak again and again by brute force or dictionary attacks, or their susceptibility to being compromised through increasingly sophisticated phishing campaigns. Passwordless--o…

14 Aug - Think like a Threat Actor to Proactively Reduce your Attack Surface - Antonio Sanchez (YOUTUBE.COM)
Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to “expose and close” vulnerabilities before they are exploited. Segment Re…

📋 SECURITY BULLETINS (1)

14 Aug - CISO in Crisis, but Will the SEC Regulations Make a Difference and New NIST CSF Draft - BSW #316 (YOUTUBE.COM)
In the leadership and communications section, CISO in Crisis, Will SEC Cybersecurity Regulations Make a Difference?, NIST Drafts Major Update to Its Widely Used Cybersecurity Framework, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: ht…

📢 SECURITY ADVISORIES (7)

14 Aug - Beware of Fake Chrome Browser Updates that Install Malware (GBHACKERS.COM)
Reports indicate that there seems to be an ongoing campaign that lures victims into installing a Remote Administration Tool called NetSupport Manager with fake Chrome browser updates. Threat actors use this remote administration software as an info stealer and to take control of …

14 Aug - China Hacked Japan’s Military Networks (SCHNEIER.COM)
The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The Washington Post has the story: The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessment…

14 Aug - Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks (THEHACKERNEWS.COM)
Germany's Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations in the country since the end of 2022. "The cyber attacks were mainly directed against dissident organizations and individuals – such as la…

14 Aug - Colorado Health Agency Says 4 Million Impacted by MOVEit Hack (SECURITYWEEK.COM)
Colorado’s health programs administrator says the personal information of 4 million individuals was compromised in the recent MOVEit hack.

🔥 INCIDENT REPORTING (19)

14 Aug - DHS Cyber Review Board to Examine China-Linked Cyberattacks of Microsoft (NEXTGOV.COM)
The Department of Homeland Security's Cyber Safety Review Board will conduct its next investigation on cloud security and examine a recent cyberattack that targeted government email accounts supplied through Microsoft software.

14 Aug - Threat Intelligence’s Key Role in Mitigating Malware Threats (HELPNETSECURITY.COM)
Threat actors leverage malware as an initial foothold to infiltrate targeted infrastructures and move laterally to gain long-term access, cause damage, or exfiltrate data and trade secrets.

14 Aug - Update: Lapsus$ Hackers Took SIM-Swapping Attacks to the Next Level (BLEEPINGCOMPUTER.COM)
Reviewing the group’s operations started in December last year following a long trail of incidents attributed to or claimed by Lapsus$ after leaking proprietary data from alleged victims.

14 Aug - New Financial Malware 'JanelaRAT' Targets Latin American Users (THEHACKERNEWS.COM)
Users in Latin America (LATAM) are the target of a financial malware called JanelaRAT that's capable of capturing sensitive information from compromised Microsoft Windows systems. "JanelaRAT mainly targets financial and cryptocurrency data from LATAM bank and financial institutio…

14 Aug - Monti Ransomware Unleashes New Encryptor for Linux (TRENDMICRO.COM)
The Monti ransomware group has reemerged after a two-month break, targeting legal and government institutions with a new Linux-based variant that shows significant differences from its previous versions.

14 Aug - Alberta Dental Service Corporation data breach impacts 1.5 million customers (CSHUB.COM)
A malicious actor gained access to ADSC’s systems between May and July 2023

14 Aug - Colorado warns 4 million of data stolen in IBM MOVEit breach (BLEEPINGCOMPUTER.COM)
The Colorado Department of Health Care Policy & Financing (HCPF) is alerting more than four million individuals of a data breach that impacted their personal and health information. [...]

14 Aug - Colorado Warns Four Million of Data Stolen in IBM Moveit Breach (BLEEPINGCOMPUTER.COM)
The Colorado Department of Health Care Policy & Financing (HCPF) is alerting more than four million individuals of a data breach that impacted their personal and health information.

14 Aug - Knight Ransomware Distributed in Fake TripAdvisor Complaint Emails (BLEEPINGCOMPUTER.COM)
The Knight ransomware is being distributed in an ongoing spam campaign that pretends to be TripAdvisor complaints. Knight ransomware is a recent rebrand of the Cyclop Ransomware-as-a-Service, which switched its name at the end of July 2023.

14 Aug - Monti ransomware targets VMware ESXi servers with new Linux locker (BLEEPINGCOMPUTER.COM)
The Monti ransomware has returned to action after a two-month hiatus, now targeting primarily legal and government organizations, and VMware ESXi servers using a new Linux variant that is vastly different from its predecessors. [...]

14 Aug - QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord (THEHACKERNEWS.COM)
A new remote access trojan (RAT) called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Te…

14 Aug - Researcher says they were behind iPhone popups at Def Con (TECHCRUNCH.COM)
Several attendees at the hacking conference Def Con reported seeing mysterious and persistent pop ups prompting them to use their Apple ID to connect to an Apple TV, or to share a password with an Apple TV nearby, according to attendee tweets over the weekend and people who spoke…

14 Aug - African Electric Utility Targeted With DroxiDat Malware (DATABREACHTODAY.CO.UK)
Attack Underscores Critical Infrastructure Vulnerabilities. Russian-speaking ransomware hackers may be responsible for deploying malware onto the network of an electric utility in southern Africa in an attack researchers say underscores heightened risks of industrial ransomware at…

14 Aug - Healthcare System Notifies 180,000 People 1 Year After Hack (DATABREACHTODAY.CO.UK)
Multiple Challenges Can Delay Breach Response and Notification, Experts Say. A Georgia healthcare system is notifying over 180,000 individuals of a data compromise involving a hack first detected a year ago, in which attackers accessed and copied a range of patient information. Th…

14 Aug - Multiple Flaws Uncovered in Data Center Systems (DATABREACHTODAY.CO.UK)
Vulnerabilities Found in CyberPower and Dataprobe Products. Multiple vulnerabilities in data center power management systems and supply technologies enable threat actors to gain unauthorized access and perform remote code injection. The attackers can chain multiple vulnerabilities…

14 Aug - Discord.io confirms breach after hacker steals data of 760K users (BLEEPINGCOMPUTER.COM)
The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members. [...]

14 Aug - Crimeware server used by NetWalker ransomware seized and shut down (NAKEDSECURITY.SOPHOS.COM)
The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

14 Aug - Monti Ransomware Unleashes a New Encryptor for Linux (TRENDMICRO.COM)
The Monti ransomware collective has restarted their operations, focusing on institutions in the legal and governmental fields. Simultaneously, a new variant of Monti, based on the Linux platform, has surfaced, demonstrating notable differences from its previous Linux-based versio…

14 Aug - How to prevent and prepare for a cyber catastrophe (SECURITYINTELLIGENCE.COM)
Ransomware and data leaks are inconvenient and costly. But what about a cyber incident that leads to mass casualties? The notion of “black swan” events — incidents that are so rare and unusual they cannot be predicted — is a “fallacy”, ac…

🕵️ THREAT INTELLIGENCE (18)

14 Aug - Don’t Expect Quick Fixes in ‘Red-Teaming’ of AI Models. Security Was an Afterthought (SECURITYWEEK.COM)
Security in current AI models was an afterthought in their training as data scientists amassed breathtakingly complex collections of images and text.

14 Aug - ISC Stormcast For Monday, August 14th, 2023 https://isc.sans.edu/podcastdetail/8614, (Mon, Aug 14th) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

14 Aug - Xiaomi Mi Phones Flags Telegram as Malicious App (GBHACKERS.COM)
Xiaomi, the Asian smartphone giant, has implemented measures within its MIUI operating system that flag Telegram as a malicious app. This move has ignited discussions surrounding both technical and political dimensions, raising questions about user privacy, app censorship, …

14 Aug - AI's Role in the Next Financial Crisis: A Warning from SEC Chair Gary Gensler (KNOWBE4.COM)
TL;DR - The future of finance is intertwined with artificial intelligence (AI), and according to SEC Chair Gary Gensler, it's not all positive. In fact, Gensler warns in a 2020 paper—when he was still at MIT—that AI could be at the heart of the next financial crisis, and regulat…

14 Aug - Enterprise spending on cybersecurity has changed, and vendors must adapt (TECHCRUNCH.COM)
Sara Behar, Contributor. Sara Behar is a content manager at YL Ventures, where she promotes the firm’s cybersecurity expertise and provides value-add support to the firm’s portfolio companies with content creation and strategic initiatives. Even in the usually exciting world of cyb…

14 Aug - US Shuts Down Bulletproof Hosting Service LolekHosted, Charges Its Polish Operator (SECURITYWEEK.COM)
US authorities have announced charges against a Polish national who allegedly operated the LolekHosted.net bulletproof hosting service.

14 Aug - Email – The System Running Since 71’ (SECURITYWEEK.COM)
Working remotely is here to stay and businesses should continue to make sure their basic forms of communication are properly configured and secured.

14 Aug - US Cyber Safety Board to Review Cloud Attacks (SECURITYWEEK.COM)
The US government's CSRB will conduct a review of cloud security to provide recommendations on improving identity management and authentication.

14 Aug - PDFiD: False Positives Revisited, (Mon, Aug 14th) (ISC.SANS.EDU)
10 years ago I wrote blog post "PDFiD: False Positives" to talk about false positives generated by my tool pdfid.py.

14 Aug - Data Theft Via MOVEit: 4.5 Million More Individuals Affected (DATABREACHTODAY.CO.UK)
Latest Tally of Clop Campaign Victims: 670 Organizations, 46 Million Individuals. The fallout from the Clop cybercrime group's mass theft of data from MOVEit servers continues to increase. Colorado's state healthcare agency alone is now notifying 4 million affected individuals. Th…

14 Aug - KnowBe4 Celebrates Winning a Tech Cares Award From TrustRadius 2023 (KNOWBE4.COM)
For the fourth consecutive year, we received a Tech Cares Award from TrustRadius! This fourth annual award celebrates companies that have gone above and beyond to provide strong Corporate Social Responsibility (CSR).

14 Aug - Activist Investor Directs OneSpan to Pursue 'Immediate Sale' (DATABREACHTODAY.CO.UK)
Legion Partners Calls on Identity Verification Provider to Reduce Costs, Find Buyer. An activist investor urged identity verification and e-signature provider OneSpan to cut costs, return more money to shareholders and find a buyer for the company. "We strongly believe there are n…

14 Aug - Threat actors use beta apps to bypass mobile app store security (BLEEPINGCOMPUTER.COM)
The FBI is warning of a new tactic used by cybercriminals where they promote malicious "beta" versions of cryptocurrency investment apps on popular mobile app stores that are then used to steal crypto. [...]

14 Aug - Securing your Browser & The Journey to Password[less] - Karim Toubba, Mike Fey - BSW #316 (YOUTUBE.COM)
The modern web browser is the single most commonly used application by enterprises worldwide. Its power, simplicity, and usability makes it an essential tool at work. And yet, the browser is not an enterprise application. It lacks the fundamental controls enterprises require to e…

14 Aug - Enterprise News | Black Hat Executive Interviews | More Interviews From Black Hat - ESW328 (YOUTUBE.COM)
This week, we kick things off with our weekly Enterprise News. Then we will be airing some interviews from Black Hat 2023, with Mickey Bresman, CEO at Semperis, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, & Matthias Vallentin, CEO and Founder at Tenzi…

14 Aug - Dilithium | Africa | Suse | Citrix | QR | AI | Aaron Leyland & more – SWN319 (YOUTUBE.COM)
This week, Doug Talks: Dilithium, Africa, Suse, Citrix, QR, AI, Aaran Leyland, and more on the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn319 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our website: https://www.securitywe…

14 Aug - How They Bypass YouTube Video Download Throttling (0X7D0.DEV)
submitted by vedard to cybersecurity 59 points | 0 comments https://blog.0x7d0.dev/history/how-they-bypass-youtube-video-download-throttling/

14 Aug - The data of 760,000 Discord.io users was put up for sale on the darknet (STACKDIARY.COM)
submitted by L4s to secops 6 points | 0 comments https://stackdiary.com/the-data-of-760000-discord-io-users-was-put-up-for-sale-on-the-darknet/ Note: I’ve gone ahead and updated the featured image, so it doe…

🌐 CYBER THREAT LANDSCAPE (5)

14 Aug - Do You Speak Multiple Languages? Malware Does. (THREATRESEARCH.EXT.HP.COM)
The malware is packed twice to evade detection, including the use of a Go crypter called ShellGo. The malware payload is a remote access trojan (RAT) called AsyncRAT, which is executed in memory through a complex sequence of function calls.

14 Aug - Singapore Bank’s New App Security Feature Irks Customers (ZDNET.COM)
OCBC introduced a security feature that locks out access if it detects mobile apps downloaded from unofficial app stores on the user's phone. The bank cites the need to safeguard against malware, but is instead frustrating customers.

14 Aug - How Executives’ Personal Devices Threaten Business Security (HELPNETSECURITY.COM)
While the cyber threat landscape has seen this major shift, security software to manage these direct personal risks has not kept up to protect public-facing individuals and leaders the way large enterprise organizations have.

14 Aug - Over 100K hacking forums accounts exposed by info-stealing malware (BLEEPINGCOMPUTER.COM)
Researchers discovered 120,000 infected systems that contained credentials for cybercrime forums. Many of the computers belong to hackers, the researchers say. [...]

14 Aug - ChatGPT Highlights a Flaw in the Educational System (TRENDMICRO.COM)
Rethinking learning metrics and fostering critical thinking in the era of generative AI and LLMs

🎙️ PODCASTS (1)

14 Aug - Cyber Security Today, August 14, 2023 - A huge insurance company hack, presentations at the Black Hat conference, and more (CYBERSECURITYTODAY.LIBSYN.COM)
This episode reports on the hack of Hub International, advantages of honeypots, artificial intelligence and more

📡 INFOSEC NEWS (19)

14 Aug - India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First (THEHACKERNEWS.COM)
The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill (DPDPB) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for t…

14 Aug - NDR for XDR now available in early access (SOPHOS.COM)
Don’t delay: the early access program runs now through December.

14 Aug - How to Handle API Sprawl and the Security Threat it Poses (HELPNETSECURITY.COM)
With recent reports indicating that API vulnerabilities are costing businesses billions of dollars annually, it’s no wonder they are at the top of mind of many cybersecurity professionals.

14 Aug - Identity Threat Detection and Response: Rips in Your Identity Fabric (THEHACKERNEWS.COM)
Why SaaS Security Is a Challenge. In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. The…

14 Aug - Hacktivists Claim Attacks Against 21 Organizations Over Fukushima Wastewater Release (THEREGISTER.COM)
Anonymous Italia, a group claiming to be affiliated with the hacktivist collective Anonymous, has launched cyber protests against the Japanese government over its decision to release wastewater from the Fukushima Daini Nuclear Power Plant.

14 Aug - Nine Flaws in CyberPower and Dataprobe Solutions Expose Data Centers to Hacking (SECURITYAFFAIRS.COM)
Researchers from Trellix Advanced Research Center discovered multiple vulnerabilities impacting CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU).

14 Aug - Criminal IP Teams Up with PolySwarm to Strengthen Threat Detection (BLEEPINGCOMPUTER.COM)
The addition of Criminal IP as a new contributor to PolySwarm's malicious URL detection represents a significant leap in specialized threat identification. Learn more from Criminal IP about this new collaboration. [...]

14 Aug - FBI warns of increasing cryptocurrency recovery scams (BLEEPINGCOMPUTER.COM)
The FBI is warning of an increase in scammers pretending to be recovery companies that can help victims of cryptocurrency investment scams recover lost assets. [...]

14 Aug - How to Block API Attacks in Real Time (DATABREACHTODAY.CO.UK)
The Different Types of API Attacks and Best Practices for API Security. Real-time protection against API attacks is nonnegotiable for the protection of any web application or digital service that relies on application programming interfaces. Here are some of the most common types …

14 Aug - Diligere, Equity-Invest Are New Firms of U.K. Con Man (KREBSONSECURITY.COM)
John Clifton Davies, a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Inves…

14 Aug - “Grab hold and give it a wiggle” – ATM card skimming is still a thing (NAKEDSECURITY.SOPHOS.COM)
The rise of tap-to-pay and chip-and-PIN hasn't rid the world of ATM card skimming criminals...

14 Aug - OT Security is Less Mature but Progressing Rapidly (TRENDMICRO.COM)
The latest study said that OT security is less mature in several capabilities than IT security, but most organizations are improving it.

14 Aug - Android Data Encryption in depth (QUARKSLAB.COM)
Join us in our journey into modern Android's Data Encryption at rest, in which we study how it works and assess how resistant it is against attackers having access to a range of high end software vulnerabilities.

14 Aug - Black Hat 2023: How AI changes the monetization of search (WELIVESECURITY.COM)
Search engines, AI, and monetization in the new era

14 Aug - Black Hat 2023: AI gets big defender prize money (WELIVESECURITY.COM)
Black Hat is big on AI this year, and for a good reason