102Articles
8Categories
2024-02-08Date
🚨 CISA KEV 1[−]
8 Feb KEVCISA Adds Google Chromium V8 Type Confusion Bug to its Known Exploited Vulnerabilities CatalogThe vulnerability, tracked as CVE-2023-4762, can allow a remote attacker to execute arbitrary code via a crafted HTML page, and has been exploited by threat actors to install spyware on both Apple and Android devices.SECURITYAFFAIRS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
8 FebCritical Patches Released for New Flaws in Cisco, Fortinet, VMware ProductsCisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-2…THEHACKERNEWS.COM
8 FebGoogle Fixed an Android Critical Remote Code Execution FlawGoogle has released the February 2024 security patches for Android to fix 46 vulnerabilities, including a critical remote code execution flaw (CVE-2024-0031) in the System component.SECURITYAFFAIRS.COM
8 FebResearchers say attackers are mass-exploiting new Ivanti VPN flawHackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows. Last week, Ivanti said it had discovered two new security flaws — tracked as CVE-2024-21888 and CVE-2024-21893 — affecting Connect Secure, its …TECHCRUNCH.COM
8 FebChromium: CVE-2024-1283 Heap buffer overflow in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
8 FebChromium: CVE-2024-1284 Use after free in MojoThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
8 FebFortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure AttacksFortinet warns that Chinese and other APTs are exploiting CVE-2022-42475 and CVE-2023-27997 in attacks. The post Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
⚠️ VULNERABILITY DISCLOSURE 21[−]
8 FebGoogle Cybersecurity Action Team Threat Horizons Report #9 Is Out!This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our seventh Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 , #4 , #5 , #6 …MEDIUM.COM
8 FebGoogle starts blocking users from sideloading certain apps in SingaporeTo reduce financial scams, Google has started a new program to prevent users from sideloading certain apps in Singapore. The company is looking to block sideloaded apps that abuse Android permissions to read one-time passwords received through SMS and notifications. Google said t…TECHCRUNCH.COM
8 FebIs your cloud security strategy ready for LLMs?The aggressive use of large language models (LLMs) across enterprise environments in 2024 presents a new headache for CISOs. LLMs have their own cybersecurity challenges , especially with data leakage. The cloud has its own issues, with cloud platform providers making changes wit…CSOONLINE.COM
8 FebChina-backed ‘Volt Typhoon’ preparing wave of attacksUS cybersecurity officials, alongside their counterparts in Australia, Canada, the UK, and New Zealand, have published a warning that the China state-sponsored hacking group “Volt Typhoon” is preparing a wave of attacks against critical infrastructure should relations between…CSOONLINE.COM
8 FebBSides London 2023submitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/81c2973a-7370-468a-a4e8-6db5aa9ca1bc.png BSides London 2023 Schedule BSides London 2023 Playlists BSides London 2023 Clappy Monkey Track BSides London 2023 Track 2 BSides London 2023 Track 3…INFOSEC.PUB
8 FebIntroducing Smart Answers, a genAI tool for CSO readersToday we launched Smart Answers, a generative AI chatbot that answers your questions based on our editorial content. The goal is simple: To help you, our readers, find relevant, accurate, up-to-date information that you can trust. And if you can do that using an interface that is…CSOONLINE.COM
8 FebCISA Releases Two Industrial Control Systems AdvisoriesCISA released two Industrial Control Systems (ICS) advisories on February 8, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-039-01 Qolsys IQ Panel 4, IQ4 HUB ICSA-23-082-06 ProPump and Contro…CISA.GOV
8 FebCisco Releases Security Advisory for Vulnerabilities in Cisco Expressway SeriesCisco released a security advisory to address vulnerabilities affecting Cisco Expressway Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Expressway Series a…CISA.GOV
8 FebChinese State-Sponsored Actors Compromised and Maintained Persistent Access to U.S. Critical Infrastructure for Five YearsVolt Typhoon's tactics involve extensive pre-compromise reconnaissance, targeting of public-facing network appliances, exploitation of vulnerabilities, and use of living off the land (LOTL) techniques to maintain long-term undiscovered persistence.CISA.GOV
8 FebLinux Distros Hit by RCE Vulnerability in Shim Bootloadersubmitted by IllNess to securitynews 1 points | 0 comments https://www.darkreading.com/vulnerabilities-threats/rce-vulnerability-in-shim-bootloader-impacts-all-linux-distrosDARKREADING.COM
8 Feb24 on 2024: Asia-Pacific’s cybersecurity thought leaders share their predictions and aspirationsIn 2024, anticipation and speculation regarding the future of cybersecurity have reached a crescendo. Against a dynamic backdrop of technological advancement, socio-political shifts, and new threats; predictions and aspirations for the year abound with both hope and apprehension.…CSOONLINE.COM
8 FebCISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository SecurityToday, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software ecos…CISA.GOV
8 FebWatch Out For Valentine’s Day Romance ScamsUsers should be wary of online romance scams ahead of Valentine’s Day, according to Imogen Byers at ESET. While in the past these scams could often be thwarted by using reverse image search on the scammers’ profile photos, criminals can now use generative AI tools to create reali…KNOWBE4.COM
8 FebPhishing attack uses compromised SendGrid accounts to target additional usersA group of attackers have compromised accounts on the SendGrid email delivery platform and are using them to launch phishing attacks against other SendGrid customers. The campaign is likely an attempt to collect credentials for a mass email service with a good reputation that wou…CSOONLINE.COM
8 FebIvanti: Patch new Connect Secure auth bypass bug immediatelyToday, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. [...]BLEEPINGCOMPUTER.COM
8 FebYou Can’t Defend What You Can’t Define - Sergey Bratus - PSW #816As a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use.…YOUTUBE.COM
8 FebZero-Trust is Meaningless if Your Cryptography is Flakey with Vincent Berk – ESW #349Zero-Trust is Meaningless if Your Cryptography is Flakey with Vincent Berk, Chief Strategy and Revenue Officer at Quantum Xchange – ESW #349 Legacy systems are riddled with outdated and unreliable cryptographic standards. So much so that recent proprietary research found 61 perce…YOUTUBE.COM
8 FebBreach Roundup: US Bans AI RobocallsAlso: A Widespread Linux Bootloader Vulnerability This week, the U.S. banned AI robocalls, researchers discovered a Linux bootloader flaw, France investigated health sector hackings, the feds offered money for Hive information, Verizon disclosed an insider breach, Germany opened …DATABREACHTODAY.CO.UK
8 FebZero-Trust is Meaningless if Your Cryptography is Flakey - Vincent Berk - ESW #349Legacy systems are riddled with outdated and unreliable cryptographic standards. So much so that recent proprietary research found 61 percent of the traffic was unencrypted, and up to 80% of encrypted network traffic has some defeatable flaw in its encryption No longer can enterp…YOUTUBE.COM
8 FebNew Fortinet RCE flaw in SSL VPN likely exploited in attacksFortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. [...]BLEEPINGCOMPUTER.COM
8 FebCisco Patches Critical Vulnerabilities in Enterprise Communication DevicesTwo critical vulnerabilities in Cisco Expressway series devices can be exploited in CSRF attacks without authentication. The post Cisco Patches Critical Vulnerabilities in Enterprise Communication Devices appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 6[−]
8 FebBiden Administration Names a Director of the New AI Safety InstituteThe Biden administration named Elizabeth Kelly as the director of the newly established safety institute for artificial intelligence. The post Biden Administration Names a Director of the New AI Safety Institute appeared first on SecurityWeek .SECURITYWEEK.COM
8 FebNIST’s International Cybersecurity and Privacy Engagement Update – International Dialogues, Workshops, and TranslationsWith the new year under way, NIST is continuing to engage with our international partners to enhance cybersecurity. Here are some updates on our international work from the end of 2023 into the beginning of 2024: Conversations have continued with our partners throughout the world…NIST.GOV
8 FebSuspected EncroChat Admin Extradited to FranceAuthorities Hacked the End-to-End Encryption Platform in 2020 The Dominican Republic earlier this month extradited to France a suspected administrator of now-defunct encrypted messaging service EncroChat. The extradition is the latest in a series of actions European authorities h…DATABREACHTODAY.CO.UK
8 FebWhite House Targets Software Provider AccountabilityAdministration Developing 'Liability Regimes' for Manufacturers, Top Official Says National Cyber Director Harry Coker said the administration is introducing a new set of "liability regimes" to hold software providers accountable for deploying unsafe systems, but experts say proc…DATABREACHTODAY.CO.UK
8 FebFederal Cybersecurity Agency Launches Program to Boost Support for State, Local Election OfficesCISA launched a program aimed at boosting election security, shoring up support for local offices and hoping to provide reassurance to voters that elections will be safe and accurate. The post Federal Cybersecurity Agency Launches Program to Boost Support for State, Local Electio…SECURITYWEEK.COM
🔥 INCIDENT REPORTING 19[−]
8 FebSmashing Security podcast #358: Hong Kong hijinks, pig butchers, and poor ransomware gangsIs this the real life? Is this just fantasy? A company in Hong Kong suffers a sophisticated deepfake duping, be one your guard from pig butchers as Valentine's Day approaches, and spare a moment to feel sorry for poor ransomware gangs. All this and much much more is discussed in …GRAHAMCLULEY.COM
8 FebRecord-Breaking Ransomware Profits Surpassed $1B in 2023The rise in ransomware profits in 2023 marks a significant reversal from the decline observed in 2022, driven by the innovation and resilience of top-tier ransomware groups.BANKINFOSECURITY.COM
8 FebGroup-IB bets on AI to improve threat intelligence and incident responseSingapore-based cybersecurity provider Group-IB has added new AI abilities to its flagship SaaS offering, Unified Risk Platform (URP), to harden proprietary threat detection and response capabilities. The platform, which provides adversary and attack path intelligence, has receiv…CSOONLINE.COM
8 FebUnprecedented Rise of Malvertising as a Precursor to RansomwareCybercriminals increasingly used malvertising to gain initial access to victims’ networks in 2023, according to Malwarebytes’s latest State of Malware report.KNOWBE4.COM
8 FebFunerals Reportedly Canceled Due to Ransomware Attack on Austrian TownThe municipality of Korneuburg in Austria was hit by a ransomware attack, leading to data encryption and the cancellation of funerals due to the inability to issue death certificates.THERECORD.MEDIA
8 FebData breaches at Viamedis and Almerys impact 33 million in FranceData breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country. [...]BLEEPINGCOMPUTER.COM
8 FebUS insurance firms sound alarm after 66,000 individuals impacted by SIM swap attackTwo US insurance companies are warning that thousands of individuals' personal information may have been stolen after hackers compromised computer systems. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
8 FebDevice Authority Raises $7M in Series A FundingThe company specializes in identity and access management for enterprise IoT ecosystems, offering solutions to reduce human error, accelerate incident response, and establish trust in connected environments.FINSMES.COM
8 FebUS offers $10 million for tips on Hive ransomware leadershipThe U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. [...]BLEEPINGCOMPUTER.COM
8 FebCybersecurity Resiliency and Your Board of DirectorsGrowing cybersecurity threats, especially ransomware attacks, and the Securities and Exchange Commission’s (SEC) recent rules have made having a cybersecurity-aware Board of Directors (BOD) a critical business requirement.KNOWBE4.COM
8 FebHyundai Motor Europe hit by Black Basta ransomware attackCar maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. [...]BLEEPINGCOMPUTER.COM
8 FebFeds Warn Health Sector About Akira Again, Amid New AttacksRecent Victims Include Pennsylvania Emergency Dispatch System U.S. federal authorities are again warning the healthcare sector about threats from the Akira ransomware group. The latest alert comes on the heels of several recent attacks by the gang, including one last month on Buc…DATABREACHTODAY.CO.UK
8 FebFake IDs threaten ID verification services, PANW hits $100B valuation, and other news - ESW #349This week, we discussed how a quick (minutes) and cheap ($15 a pop) fake ID service creates VERY convincing IDs that are possibly good enough to fool ID verification services, HR, and a load of other scenarios where it's common to share images of an ID. Kudos to 404Media's work t…YOUTUBE.COM
8 FebCyber Security Today, Feb. 9, 2024 - A record US$1 billion paid to ransomware gangs last yearThis episode reports on ransomware payments, a US$10 million bounty on a ransomware gang, and moreCYBERSECURITYTODAY.LIBSYN.COM
8 FebThe buck stops here: Why the stakes are high for CISOsHeavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses?WELIVESECURITY.COM
8 FebRansomware Payments Surpassed $1 Billion in 2023: AnalysisThe payments made by victims in response to ransomware attacks doubled in 2023 compared to 2022, according to Chainalysis. The post Ransomware Payments Surpassed $1 Billion in 2023: Analysis appeared first on SecurityWeek .SECURITYWEEK.COM
8 FebIran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: MicrosoftIran’s offensive cyber operations against Israel went from chaotic in October 2023 to targeting new geographies a month later. The post Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: Microsoft appeared first on SecurityWeek .SECURITYWEEK.COM
8 FebMicrosoft Copilot for Security provides immediate impact for the Microsoft Defender Experts teamMicrosoft Copilot for Security provides tangible applications to the Defender Experts’ daily work—including building incident narratives, analyzing threats, time-saving tips, upskilling, and more. The post Microsoft Copilot for Security provides immediate impact for the Microsoft…MICROSOFT.COM
🕵️ THREAT INTELLIGENCE 24[−]
8 FebShmooCon 2024 Videos are up!submitted by L4s to secops 1 points | 0 comments https://archive.org/details/shmoocon2024 ShmooCon 2024 Videos are up!::ShmooCon 2024by Shmoo Group, various presentersThe videos in this collection are from ShmooCon 2024, which occurred on 12 - 14 January 2024, at the Washington…ARCHIVE.ORG
8 FebISC Stormcast For Thursday, February 8th, 2024 https://isc.sans.edu/podcastdetail/8844, (Thu, Feb 8th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
8 FebBeware of Facebook Ads That Deliver Password-Stealing MalwareA new malware called Ov3r_Stealer was found to be intended for stealing cryptocurrency wallets and passwords and then sending them to a Telegram channel that the threat actor maintains. Identified early in December, the malware was spread via a Facebook advertisement for an accou…GBHACKERS.COM
8 FebA Python MP3 Player with Builtin Keylogger Capability, (Thu, Feb 8th)I don&#;x26;#;39;t know if there is a trend but I recently found some malicious Python scripts (targeting Windows hosts) that include a GUI. They don&#;x26;#;39;t try to hide from the victim but, on the opposite, they try to…ISC.SANS.EDU
8 FebKimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South KoreaThe North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer. The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen capture…THEHACKERNEWS.COM
8 FebChinese Hackers Fail to Rebuild Botnet After FBI TakedownThe Chinese threat group Volt Typhoon, also known as Bronze Silhouette, attempted to revive a botnet used in attacks on critical infrastructure in the U.S. after the FBI dismantled it.BLEEPINGCOMPUTER.COM
8 FebRecommended AppSec conferences in Europe?submitted by N7x to cybersecurity 1 points | 0 comments Hello everyone, I hope this post belongs here, otherwise I’ll move it to !appsec@infosec.pub . I work in appsec, my manager would like to send us to a conference this year. We are based in Europe, and the company would like …INFOSEC.PUB
8 FebOn Software LiabilitiesOver on Lawfare, Jim Dempsey published a really interesting proposal for software liability: “Standard for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor.” Section 1 of this paper sets the stage by briefly describing the p…SCHNEIER.COM
8 Feb81% of Organizations Cite Phishing as the Top Security RiskOrganizations are finally dialing in on where they need to focus their cybersecurity strategies, starting with phishing . But the top four cited security risks all have one element in common.KNOWBE4.COM
8 FebShellcode evasion using Wasm/Wat and Rustsubmitted by L4s to secops 1 points | 0 comments https://balwurk.com/shellcode-evasion-using-webassembly-and-rust/ Shellcode evasion using Wasm/Wat and Rust::undefinedBALWURK.COM
8 FebCritical Cisco Expressway Flaw Let Remote Execute Arbitrary CodeCisco released patches to address multiple vulnerabilities in the Cisco Expressway Series that might allow an attacker to do arbitrary operations on a vulnerable device. Cisco Expressway Series includes Cisco Expressway Control (Expressway-C) and Cisco Expressway Edge (Expressway…GBHACKERS.COM
8 FebKimsuky APT Disguises as a Korean Company to Distribute Troll StealerTroll Stealer's similarities to known malware families linked to Kimsuky, such as AppleSeed and AlphaSeed, raise concerns about the group's offensive cyber operations and its targeting of South Korean entities.MEDIUM.COM
8 FebCryptohack Roundup: FTX Hacker Was a SIM SwapperAlso: AI Fake IDs Pass Crypto Exchange KYC; Treasury and SEC Address Crypto Issues This week, SIM swappers were linked to the FTX hack, AI-generated fake IDs likely bypassed crypto KYC checks, the Treasury addressed the illicit use of crypto, the SEC increased crypto oversight, Q…DATABREACHTODAY.CO.UK
8 FebGetting More Out of Investments in Network-Centric SolutionsInvestor Pramod Gosavi on Network Access, Endpoint Controls in a Zero Trust World Venture capital investor Pramod Gosavi discussed the drawbacks of relying on network-centric cybersecurity solutions that are driving up costs. He recommended proactive strategies, such as zero trus…DATABREACHTODAY.CO.UK
8 FebChinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a DecadeThe U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transpo…THEHACKERNEWS.COM
8 FebHijackLoader Evolves: Researchers Decode the Latest Evasion MethodsThe threat actors behind a loader malware called HijackLoader have added new techniques for defense evasion, as the malware continues to be increasingly used by other threat actors to deliver additional payloads and tooling. "The malware developer used a standard proces…THEHACKERNEWS.COM
8 FebNumber of Attacks Against Critical Infrastructure Is GrowingNew Report Shows a Surge in OT/IoT Threats and a 123% Increase in Hacking Attempts Threats to critical infrastructure are on the rise, as threat actors continue to scan networks, attack networks and devices, and try to get past access controls. At the same time, according to a ne…DATABREACHTODAY.CO.UK
8 FebCohesity Is Set to Acquire Veritas' Data Protection BusinessThe Combined Company Will Be Worth $7B, Firms Say Data security vendor Cohesity will acquire the data protection business of Veritas in a stock and debt transaction resulting in a combined firm by the end of this year, the companies announced Thursday. The deal values the combine…DATABREACHTODAY.CO.UK
8 FebLimaCharlie Lands $10.2 Million Series A FundingCalifornia startup lands new financing to build and supply tools to run an MSSP or SOC on a pay-as-you-use model. The post LimaCharlie Lands $10.2 Million Series A Funding appeared first on SecurityWeek .SECURITYWEEK.COM
8 FebGoogle Announces Enhanced Fraud Protection for AndroidGoogle Play Protect will block the installation of sideloaded applications requesting permissions frequently abused by fraudsters. The post Google Announces Enhanced Fraud Protection for Android appeared first on SecurityWeek .SECURITYWEEK.COM
8 FebHow to Predict Your Patching PrioritiesImplementing a smart and timely approach to patching remains one of the primary ways for organizations to protect their networks from attackers. The post How to Predict Your Patching Priorities appeared first on SecurityWeek .SECURITYWEEK.COM
8 FebWere 3 Million Toothbrushes Really Used for a DDoS Attack?Three million electric toothbrushes were reportedly used for disruptive DDoS attacks, but cybersecurity experts questioned the claims. The post Were 3 Million Toothbrushes Really Used for a DDoS Attack? appeared first on SecurityWeek .SECURITYWEEK.COM
8 FebNews alert: Diversified, GroCyber form partnership to deliver media-centric cybersecurity solutionsKenilworth, NJ, Feb. 8, 2024 – Diversified , a leading global technology solutions provider, today announced a partnership and trio of solutions with GroCyber. Together, the companies are empowering AV and media companies to improve their cybersecurity stance by providing ……LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
8 FebTooth be told: Toothbrush DDoS attack claim was lost in translation, says FortinetAfter hundreds of media outlets worldwide repeated the false claim that a botnet of three million toothbrushes attacked a Swiss company, the cybersecurity firm at the centre of the story has now issued a statement.GRAHAMCLULEY.COM
8 FebSurge in deepfake “Face Swap” attacks puts remote identity verification at riskNew research shows a 704% increase in deepfake "face swap" attacks from the first to the second half of 2023. Read more in my article on the Tripwire State of Security blog.TRIPWIRE.COM
8 FebRound 3 in the toothbrush DDoS debacle!We thought it was all over... but a Swiss newspaper has come out fighting, blaming Fortinet for spreading untruths about a toothbrush botnet. Will Fortinet return for Round 4, or is this a knockout punch?GRAHAMCLULEY.COM
8 FebAndroid XLoader malware can now auto-execute after installationA new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 21[−]
8 FebCritical Cisco Bug Exposes Expressway Gateways to CSRF AttacksThe vulnerabilities impact devices with default configurations and can lead to system configuration modifications, creation of privileged accounts, and denial of service conditions.BLEEPINGCOMPUTER.COM
8 FebDenmark Orders Schools to Stop Sending Student Data to GoogleThe Danish data protection authority has issued an injunction regarding the transfer of student data to Google through the use of Chromebooks and Google Workspace services in schools.BLEEPINGCOMPUTER.COM
8 FebNinjaOne Raises $231.5M in Series C FundingThe funding will be used to accelerate customer success, support, product innovation, and growth, as NinjaOne aims to empower IT teams with visibility, security, and control over endpoints.FINSMES.COM
8 FebFacebook Fatal Accident Scam Still Rages OnCybercriminals are using legitimate services like googleapis.com to fingerprint users and redirect them to specific types of scams based on their analysis of the user's IP address, machine type, and VPN usage.MALWAREBYTES.COM
8 FebGoogle teases a new modern look for sign-in pages, including GmailGoogle is on the brink of refreshing its sign-in pages, including Gmail, with a sleek, modern makeover. [...]BLEEPINGCOMPUTER.COM
8 FebOne-time passwords and 2FA codes — what to do if you receive one without requesting it | Kaspersky official blogAn unexpected message with a one-time login code could indicate an attempt to hack your account. Here's a step-by-step guide on what to do.KASPERSKY.COM
8 FebClosinglock, now with $12M, wants to prevent the 1 in 10 real estate transactions targeted for fraudUsers log into Closinglock's portal where real estate transaction wiring instructions are accessed instead of provided via email. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
8 FebSecurity flaw in a popular smart helmet allowed silent location trackingThe maker of a popular smart ski and bike helmet has fixed a security flaw that allowed the easy real-time location tracking of anyone wearing its helmets. Livall makes internet-connected helmets that allow groups of skiers or bike riders to talk with each other using the helmet&…TECHCRUNCH.COM
8 FebHijackLoader Expands Techniques to Improve Defense EvasionThe HijackLoader sample exhibits complex multi-stage behavior, including process hollowing, transacted section hollowing, and user mode hook bypass using Heaven’s Gate, to inject and execute the final payload while evading detection.CROWDSTRIKE.COM
8 FebWhat Generative AI Means for Cybersecurity in 2024After a full year of life with ChatGPT cybersecurity experts have a clearer sense of how criminals are using generative AI to enhance attacks - learn what generative AI means for cybersecurity in 2024.TRENDMICRO.COM
8 FebWhat Generative AI Means for Cybersecurity in 2024After a full year of life with ChatGPT cybersecurity experts have a clearer sense of how criminals are using generative AI to enhance attacks - learn what generative AI means for cybersecurity in 2024.TRENDMICRO.COM
8 FebFake LastPass password manager spotted on Apple’s App StoreLastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. [...]BLEEPINGCOMPUTER.COM
8 FebGoogle saves your conversations with Gemini for years by defaultDon’t type anything into Gemini, Google’s family of GenAI apps, that’s incriminating — or that you wouldn’t want someone else to see. That’s the PSA (of sorts) today from Google, which in a new support document outlines the ways in which it col…TECHCRUNCH.COM
8 FebMicrosoft unveils new 'Sudo for Windows' feature in Windows 11Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. [...]BLEEPINGCOMPUTER.COM
8 FebMicrosoft fixes Copilot issue blocking Windows 11 upgradesMicrosoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. [...]BLEEPINGCOMPUTER.COM
8 FebUnified Identity – look for the meaning behind the hype!If you've listened to software vendors in the identity space lately, you will have noticed that “unified” has quickly become the buzzword that everyone is adopting to describe their portfolio. And this is great! Unified identity has some amazing benefits!  However (there is …THEHACKERNEWS.COM
8 FebGoogle Starts Blocking Sideloading of Potentially Dangerous Android Apps in SingaporeGoogle has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive data. "This enhanced fraud protection will analyze and automatically block the installa…THEHACKERNEWS.COM