🚨 CISA KEV 1[−]
22 Feb KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-1709 ConnectWise ScreenConnect Authentication Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyb…CISA.GOV
⚠️ VULNERABILITY DISCLOSURE 27[−]
22 FebSmashing Security podcast #360: Lockbit locked out, and funeral Facebook scamsHeaven's above! Scammers are exploiting online funerals, and Lockbit - the "Walmart of Ransomware" - is dismantled in style by cyber cops. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Th…GRAHAMCLULEY.COM
22 FebCritical infrastructure attacks aren’t all the same: Why it matters to CISOsCyberattacks against critical infrastructure are always big news, but recent headlines have once again thrust the threat faced by Western democracies from foreign powers in this domain back onto the agenda of everyday citizens. Most prominently, the director of the US Federal Bur…CSOONLINE.COM
22 FebNCSC-UK Sounds Alarm Over Private Branch Exchange AttacksThe UK's National Cyber Security Centre (NCSC) has warned smaller organizations about the potential vulnerability of their private branch exchange (PBX) phone systems to cyberattacks.INFOSECURITY-MAGAZINE.COM
22 FebCybercriminals Weaponizing Open-Source SSH-Snake Tool for Network AttacksA recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout…THEHACKERNEWS.COM
22 FebResearchers Find Monumental Rise in Valid Account AttacksThe IBM X-Force Threat Intelligence Index report found that valid account compromises were the most common way for cyber attackers to gain access in 2023, with a 71% increase in such attacks.CYBERSECURITYDIVE.COM
22 FebBiden’s maritime cybersecurity actions target China threatsThe Biden administration released an ambitious set of initiatives that includes an executive order and a series of other actions to strengthen the cybersecurity of the American marine transportation system (MTS). The administration also wants to pave the way for a revived domesti…CSOONLINE.COM
22 FebAstaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaignssubmitted by kid to cybersecurity 1 points | 0 comments https://blog.talosintelligence.com/google-cloud-run-abuse/ Cisco Talos researchers have reported an alarming rise in banking malware campaigns exploiting Google Cloud Run, with evidence of spread from Latin America to Europe…TALOSINTELLIGENCE.COM
22 FebIdentity hacking saw sharp rise 2023Threat actors, frequently frustrated by improved enterprise security systems, increased their efforts to compromise credentials in 2023, according to CloudStrike’s 10th annual global threat report released Wednesday. “Threat actors are running into EDR products out there that are…CSOONLINE.COM
22 FebLockBit Ransomware Group Building New Locker Before TakedownNumerous Impediments Remain, Should Administrators Attempt to Reboot Operation The notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being disrupted, security researchers re…DATABREACHTODAY.CO.UK
22 FebUS Offering $10M for LockBit Leaders as Law Enforcement Taunts CybercriminalsThe US is offering big rewards for information on LockBit cybercriminals as law enforcement claims to have identified some individuals. The post US Offering $10M for LockBit Leaders as Law Enforcement Taunts Cybercriminals appeared first on SecurityWeek .SECURITYWEEK.COM
22 FebLockBit Group Prepped New Crypto-Locker Before TakedownNumerous Impediments Remain, Should Administrators Attempt to Reboot Operation The notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being disrupted, security researchers re…DATABREACHTODAY.CO.UK
22 FebApex Code Vulnerabilities Let Hackers Steal Salesforce DataHackers target Apex code vulnerabilities in Salesforce to exploit security weaknesses, gain unauthorized access to sensitive data, or manipulate the system. Apex is a powerful language that enables the customization of Salesforce with Java-like syntax. It executes logic, controls…GBHACKERS.COM
22 FebLockBit ransomware secretly building next-gen encryptor before takedownLockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely a future LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week. [...]BLEEPINGCOMPUTER.COM
22 Feb1Password Expands Its Endpoint Security Offerings With Kolide Acquisition1Password, a password management software developer, has acquired Kolide, an endpoint security platform, for an undisclosed amount. Kolide's device security and contextual access management solution will be integrated into 1Password's offerings.TECHCRUNCH.COM
22 FebLockBit Group Prepared New Crypto-Locker Before TakedownNumerous Impediments Remain If Administrators Attempt to Reboot the Operation The notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being shut down, security researchers rep…DATABREACHTODAY.CO.UK
22 FebNew Open-Source Self-Modifying Worm Tool SSH-Snake Threatens NetworksThe worm autonomously searches for SSH credentials, modifies itself to remain fileless, and uses a variety of methods to collect private keys, making it difficult to detect statically.SYSDIG.COM
22 FebCISA Releases One Industrial Control Systems AdvisoryCISA released one Industrial Control Systems (ICS) advisory on February 22, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-053-01 Delta Electronics CNCSoft-B DOPSoft CISA encourages users and…CISA.GOV
22 FebScreenConnect servers hacked in LockBit ransomware attacksAttackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. [...]BLEEPINGCOMPUTER.COM
22 FebCheck Point unveils AI-powered Quantum Force firewallsAfter a year in which AI has become ubiquitous, it’s time to prove that we know how to use it, and to move towards a more professional use of it in our work routine, Check Point CEO Gil Shwed told attendees at the company’s CPX 2024 event in Vienna on Wednesday. The company p…CSOONLINE.COM
22 FebBitwarden’s new auto-fill option adds phishing resistanceThe Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. [...]BLEEPINGCOMPUTER.COM
22 FebMultiple Vulnerabilities in ConnectWise ScreenConnect Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered in ConnectWise ScreenConnect, the most severe of which could allow for remote code execution. ConnectWise ScreenConnect is ConnectWise's remote desktop and mobile support solutions to allow technicians to perform remote support, gain …CISECURITY.ORG
22 FebMicrosoft now force installing Windows 11 23H2 on eligible PCsMicrosoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date. [...]BLEEPINGCOMPUTER.COM
22 FebAustralian government back on top 5 sectors with most reported data breachesAfter more than two years the Australian government is back to the top five sectors with the most reported data breaches to the Office of the Australian Information Commissioner (OAIC). The Australian government is also the only of the five sectors that had human error as the top…CSOONLINE.COM
22 FebChange Healthcare Cyber Outage Disrupts Firms NationwideHHS Issues Special Alert Urging Providers and Contractors to 'Stay Vigilant' Change Healthcare - a unit of Optum that provides IT services and applications to hundreds of U.S. pharmacies, payers and healthcare providers - is dealing with a cyber incident that has forced the compa…DATABREACHTODAY.CO.UK
22 FebA Vulnerability in Junos OS Could Allow for Remote Code ExecutionA vulnerability has been discovered in the Junos OS, which could allow for remote code execution. Junos OS is a FreeBSD-based network operating system used in Juniper Networks routing, switching and security devices. Successful exploitation could allow for remote code execution i…CISECURITY.ORG
22 FebNew ScreenConnect RCE flaw exploited in ransomware attacksAttackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. [...]BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS 1[−]
22 FebMultiple FreeImage Vulnerabilities Fixed in UbuntuOn 16th January 2024, the Ubuntu security team released critical security updates addressing several FreeImage vulnerabilities in different Ubuntu releases, including Ubuntu 16.04 and Ubuntu 18.04.TUXCARE.COM
📢 SECURITY ADVISORIES 6[−]
22 FebRussian Government Software Backdoored to Deploy Konni RAT MalwareAn installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called Konni RAT (aka UpDog). The findings come from German cybersecurity company DCSO, which linke…THEHACKERNEWS.COM
22 FebLeak of China’s Hacking Documentation Stunned ResearchersIn a startling revelation that has sent shockwaves through the cybersecurity community, a massive data leak has exposed the inner workings of I-Soon (上海安洵), a Chinese tech security firm with deep ties to the country’s government agencies, including the Ministry of Public Se…GBHACKERS.COM
22 FebUS Government Issues Guidance on Securing Water SystemsCISA, FBI and EPA release guidance on how Water and Wastewater Systems Sector entities can secure their environments. The post US Government Issues Guidance on Securing Water Systems appeared first on SecurityWeek .SECURITYWEEK.COM
22 FebNew TP-Link authentication Bypass!submitted by L4s to secops 1 points | 0 comments https://ssd-disclosure.com/ssd-advisory-tp-link-ncxxx-authentication-bypass New TP-Link authentication Bypass!::undefinedSSD-DISCLOSURE.COM
🔥 INCIDENT REPORTING 21[−]
22 FebFacebook Marketplace - 77,267 breached accountsIn February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum . The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The …HAVEIBEENPWNED.COM
22 FebOptum / Change Healthcare Breachsubmitted by L4s to secops 1 points | 0 comments https://status.changehealthcare.com/incidents/hqpjz25fn3n7 Optum / Change Healthcare Breach::Optum Solutions’s Status Page - Update: Some applications are experiencing connectivity issues…STATUS.CHANGEHEALTHCARE.COM
22 FebU.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware LeadersThe U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation. "Since January 2020, LockBit act…THEHACKERNEWS.COM
22 FebSwiggy Account Hacked, Hackers Placed Orders Worth Rs 97,000In a startling incident underscoring the growing menace of cybercrime, a woman’s Swiggy account was hacked, leading to fraudulent orders worth Rs 97,000. The Delhi Police swiftly acted on the complaint, arresting two individuals, Aniket Kalra (25) and Himanshu Kumar (23), f…GBHACKERS.COM
22 FebLockBit Attempts to Stay Afloat With a New VersionThis research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.TRENDMICRO.COM
22 FebSingapore Struggles With Scams as Cybercrime Cases Keep ClimbingScams and cybercrime cases in Singapore increased by 49.6% in 2023, with victims losing a total of SG$651.8 million (~US$483.62 million), despite industry-wide measures being implemented to combat such incidents.ZDNET.COM
22 FebReport: Manufacturing Bears the Brunt of Industrial RansomwareThe industrial sector, particularly manufacturing, has been heavily targeted by ransomware attacks, with over 900 incidents reported in the past year, according to a report by Dragos.CYBERSCOOP.COM
22 FebReport: Initial Ransomware Demands Jump 20% to $600,000 in 2023A report by Arctic Wolf on cybercrime in 2023 revealed that ransomware demands rose by 20%, with some industries facing median demands of $1 million or more per incident.INFOSECURITY-MAGAZINE.COM
22 FebUS to Pay $15M for Info About Lockbit Ransomware Operator DataIn a significant move against cybercrime, the U.S. government has announced a bounty of up to $15 million for information that could lead to the identification, arrest, or conviction of individuals associated with the notorious LockBit ransomware group. This announcement comes as…GBHACKERS.COM
22 FebUS Health Tech Giant Change Healthcare Hit by CyberattackThe incident disrupted patient payments and prescription processing, affecting a significant portion of the U.S. healthcare system due to Change Healthcare's extensive reach and role in handling healthcare transactions.TECHCRUNCH.COM
22 FebBreach at Aussie Telecom Tangerine Affects 232,000 CustomersThe company confirmed that no credit/debit card numbers were compromised and assured that customer accounts are protected by multifactor authentication, ensuring security from unauthorized access.HEALTHCAREINFOSECURITY.COM
22 FebChange Healthcare Cyberattack Causes Significant DisruptionChange Healthcare is experiencing network disruptions after taking systems offline in response to a cyberattack. The post Change Healthcare Cyberattack Causes Significant Disruption appeared first on SecurityWeek .SECURITYWEEK.COM
22 FebCryptocurrency Exchange FixedFloat Hacked to Siphon Off $26 Million in BTC, ETHFixedFloat, a non-KYC crypto exchange, was hacked for $26 million worth of Bitcoin and Ethereum due to vulnerabilities and insufficient security measures, leading to frozen transactions and missing funds.HACKREAD.COM
22 FebNCA Exposes Nearly 200 LockBit Affiliates, Data Theft MalwareThe UK's National Crime Agency (NCA) has gained control of LockBit's site and has exposed the identities of the affiliates, disrupted the affiliate infrastructure, and destroyed the servers used for data exfiltration.THEREGISTER.COM
22 FebResilience Acquires Incident Response Provider BreachQuestResilience, a cyber insurance startup, has acquired BreachQuest, a cybersecurity company specializing in incident response solutions, to enhance its cyber risk management software and incident management solution.COVERAGER.COM
22 FebHack at Healthcare Services Firm Hits 2.4 Million Eye Doctor PatientsThe breach affected nearly 2.4 million patients and compromised sensitive information such as names, contact details, medical records, and in some cases, Social Security numbers and insurance information.BANKINFOSECURITY.COM
22 FebHow to Analyse Linux Malware in ANY.RUNLinux, traditionally viewed as a more secure operating system than Windows, has experienced a notable increase in malware attacks. In 2022, Linux malware incidents surged by 50%, significantly increasing and highlighting the critical need for robust analysis and defense mechanism…GBHACKERS.COM
22 FebEye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 MillionEye care practice management firm American Vision Partners faces lawsuit over data breach impacting 2.3 million patients. The post Eye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 Million appeared first on SecurityWeek .SECURITYWEEK.COM
22 FebBring us the head of LockBit! $15 million bounty offered for information on leaders of notorious ransomware gangA huge reward is being offered for information leading to the identification or location of any of the leaders of the LockBit ransomware gang. Read more in my article on the Tripwire State of Security blog.TRIPWIRE.COM
22 FebTransatlantic Cable podcast episode 334 | Kaspersky official blogEpisode 334 of the Kaspersky podcast includes LockBit takedown, big tech to tackle misinformation, blue aliens and more!KASPERSKY.COM
22 FebBreach Roundup: More Fallout From the LockBit TakedownAlso: Avast Agrees to $16.5 Million Civil Penalty to Settle Privacy Investigation This week: more fallout from LockBit, Avast to pay $16.5M, Russia-linked group targeted mail servers, no indication that AT&T was hacked, analysis of a patched Apple flaw, Microsoft enhanced log…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 19[−]
22 FebISC Stormcast For Thursday, February 22nd, 2024 https://isc.sans.edu/podcastdetail/8866, (Thu, Feb 22nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
22 FebEarth Preta Hackers Abuses Google Drive to Deploy DOPLUGS MalwareThreat actors abuse Google Drive for several malicious activities due to its widespread use, easy file sharing, and collaboration features. These things provide a convenient platform to host and distribute malware. Integration with legitimate services makes detecting and blocking…GBHACKERS.COM
22 FebBSides Lisbon 2023submitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/c8811ae2-72ba-4053-a8b4-2a828a6fdbff.png BSides Lisbon 2023 videos BSides Lisbon 2023 Schedule BSidesLisbon is the premier technical information security conference in Portugal. It is a comm…INFOSEC.PUB
22 FebBeware of New AsukaStealer Steal Browser Passwords & Desktop ScreensAn updated version of the ObserverStealer known as AsukaStealer was observed to be advertised as malware-as-a-service that was capable of collecting data from desktop screenshots, Steam Desktop Authenticator application, FileZilla sessions, Telegram sessions, Discord tokens, brow…GBHACKERS.COM
22 FebBlog - iMessage with PQ3: The new state of the art in quantum-secure messaging at scale - Apple Security Researchsubmitted by kid to cybersecurity 2 points | 0 comments https://security.apple.com/blog/imessage-pq3/ Apple has announced PQ3, a significant cryptographic update for iMessage, providing Level 3 security with post-quantum cryptography (PQC) for both initial key establishment and o…SECURITY.APPLE.COM
22 FebNew Leak Shows Business Side of China’s APT MenaceA new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contrac…KREBSONSECURITY.COM
22 FebAn Online Dump of Chinese Hacking Documents Offers a Rare Window Into Pervasive State SurveillanceLeaked documents show how Chinese authorities surveil dissidents overseas, hack other nations and promote pro-Beijing narratives online. The post An Online Dump of Chinese Hacking Documents Offers a Rare Window Into Pervasive State Surveillance appeared first on SecurityWeek .SECURITYWEEK.COM
22 FebPalo Alto Networks and Kyndryl: Unlocking Industry 4.0 with Private 5GKyndryl and Palo Alto Networks established an innovation lab, Industry 4.0 with private 5G, secured by Zero Trust principles. The post Palo Alto Networks and Kyndryl: Unlocking Industry 4.0 with Private 5G appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
22 FebRussian Turla Cyberspies Target Polish NGOs With New BackdoorRussian state-sponsored threat actor Turla has been using a new backdoor in recent attacks targeting Polish NGOs. The post Russian Turla Cyberspies Target Polish NGOs With New Backdoor appeared first on SecurityWeek .SECURITYWEEK.COM
22 FebThreat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like ToolThreat actors are actively deploying the recently released self-replicating and self-propagating SSH-Snake worm. The post Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool appeared first on SecurityWeek .SECURITYWEEK.COM
22 FebPrivacy Teams Expected to Guard AI FutureTarun Samtani of International SOS Discusses AI Privacy Implementation Principles In most organizations, the privacy team plays an important role in artificial intelligence implementation and governance. Tarun Samtani, DPO and privacy program director at International SOS, said p…DATABREACHTODAY.CO.UK
22 FebRussian Consular Software Installer Backdoored to Deploy Konni RATThis activity is linked to actors from North Korea targeting Russia. The trojan is being distributed through backdoored software installers and is capable of file transfers and command execution.MEDIUM.COM
22 FebNew Image/Video Prompt Injection AttacksSimon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and it’s really impressive. Which means a lot of scary new prompt injection attacks. And remember, given the current state of technology, prompt injection att…SCHNEIER.COM
22 FebThreat Intelligence & Threat Hunting - Chris Cochran - ESW VaultCheck out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on September 22, 2021. Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EA…YOUTUBE.COM
22 FebFTC Accuses Avast of Selling Customer Browsing Data to AdvertisersEuropean security vendor Avast is charged with harvesting consumer web browsing data through its browser extension and anti-virus software and “and sold it without adequate notice and without consumer consent.” The post FTC Accuses Avast of Selling Customer Browsing Data to Adver…SECURITYWEEK.COM
22 FebCryptohack Roundup: $26 Million FixedFloat HackAlso: FCA Rounds Up Noncompliant Firms; GoFundMe Shuts Down Tornado Cash Fundraiser This week, FixedFloat lost $26 million in a hack, the U.K. Financial Conduct Authority found illegal promotions of cryptocurrency, GoFundMe shuttered a Tornado Cash fundraiser, and an Australian c…DATABREACHTODAY.CO.UK
22 FebReport: Ofcom Unprepared to Implement UK Online Safety BillUK Parliamentary Committee Says the Agency Is Not Likely to Meet the 2025 Deadline The U.K. telecom regulatory Ofcom faces "significant challenges" in implementing the newly passed Online Safety Act, which is intended to protect children from online harm, says analysis by the Hou…DATABREACHTODAY.CO.UK
22 FebAnnouncing Microsoft’s open automation framework to red team generative AI SystemsToday, we are releasing an open automation framework, PyRIT (Python Risk Identification Toolkit for generative AI) to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems. The post Announcing Microsoft’s open autom…MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
22 FebNew Wi-Fi Vulnerabilities Expose Android and Linux Devices to HackersThese vulnerabilities could lead users to join a malicious network or allow attackers to access trusted networks without a password. The vulnerabilities could result in potential attacks such as malware infections and data theft.THEHACKERNEWS.COM
22 FebWeb3 Crypto Malware: Angel Drainer - From Phishing Sites to Malicious InjectionsThe growth of Web3 and Dapp technologies has attracted cybercriminals, leading to the creation of thousands of Web3 phishing sites with crypto drainers and an increase in attacks targeting Dapp users.SUCURI.NET
22 FebNew Mustang Panda Campaign Targets Asia with a Backdoor Dubbed DOPLUGSThe DOPLUGS malware acts as a downloader and supports four backdoor commands, including the ability to download a generic version of the PlugX malware, and it utilizes the KillSomeOne module to support USB worm capability.SECURITYAFFAIRS.COM
22 Feb'Lucifer' Botnet Turns Up the Heat on Apache Hadoop ServersThe botnet's campaign has evolved through three distinct phases, testing new infection routines and defense evasion techniques before potentially launching a broader attack.DARKREADING.COM
📡 INFOSEC NEWS 22[−]
22 Feb[Guest Diary] Friend, foe or something in between? The grey area of 'security research', (Thu, Feb 22nd)[This is a Guest Diary by Rachel Downs, an ISC intern as part of the SANS.edu Bachelor&#;39;s Degree in Applied Cybersecurity (BACS) program [1].
ISC.SANS.EDU
22 FebNSA Cyber Director Rob Joyce to RetireThe director of cybersecurity at the National Security Agency, Rob Joyce, is retiring after 34 years of service. David Luber, deputy director of the Cybersecurity Directorate, will succeed Joyce.CYBERSECURITYDIVE.COM
22 FebCredential phishing targets ESPs through ESPsCybercriminals hunt down access to credentials on the SendGrid service by sending phishing emails through SendGrid itself.KASPERSKY.COM
22 FebEurope Announces Launch of Formal Probe Into TikTok Under Digital Rights LawThe European Commission is investigating TikTok for potential violations of the Digital Services Act related to child protection, advertising transparency, and harmful content.THERECORD.MEDIA
22 Feb36% of Code Generated by GitHub CoPilot Contains Security FlawsA new report by Veracode revealed the prevalence of security debt in applications and organizations, with 42% of applications and 71% of organizations having unfixed flaws.HELPNETSECURITY.COM
22 FebA New Age of HacktivismIn the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed actors alike, forming ne…THEHACKERNEWS.COM
22 FebLarge AT&T Wireless Network Outage #att #outage, (Thu, Feb 22nd)Beginning this morning, AT&#;x26;T&#;x26;#;39;s cellular network suffered a major outage across the US. At this point, AT&#;x26;T has not made any statement as to the nature of the outage. It is far too early to speculate. I…ISC.SANS.EDU
22 FebAn Online Dump Of Chinese Hacking Documents Offers A Rare Window Into Pervasive State SurveillancePACKETSTORMSECURITY.COM
22 FebHow I Built a Car In a BoxIn this article, we'll see how to put an entire car into a transportable box from scratch or at least the main electronic components.QUARKSLAB.COM
22 FebMassive AT&T, Verizon, and T-Mobile outage impacts US customersTens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T have been complaining about lack of wireless service or interruptions on Thursday morning. [...]BLEEPINGCOMPUTER.COM
22 FebFTC to ban Avast from selling browsing data for advertising purposesThe U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes. [...]BLEEPINGCOMPUTER.COM
22 FebApple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessageApple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the threat of a practical quantum computer. "With compromise-resilient encryption …THEHACKERNEWS.COM
22 FebMassive AT&T outage also hits Verizon and T-Mobile customersTens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T have been complaining about lack of wireless service or interruptions on Thursday morning. [...]BLEEPINGCOMPUTER.COM
22 FebMassive AT&T outage impacts US mobile subscribersTens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T have been complaining about lack of wireless service or interruptions on Thursday morning. [...]BLEEPINGCOMPUTER.COM
22 FebCSE urges the Canadian cyber security community to be vigilant on two-year mark of Russia’s full-scale invasion of UkraineCYBER.GC.CA
22 FebFTC bans antivirus giant Avast from selling its users’ browsing data to advertisersThe Federal Trade Commission on Thursday said it will ban the antivirus giant Avast from selling consumers’ web browsing data to advertisers after Avast claimed its products would prevent its users from online tracking. Avast also settled the federal regulator’s charg…TECHCRUNCH.COM
22 FebMicrosoft has started testing Wi-Fi 7 support in Windows 11Microsoft is testing support for Wi-Fi 7 in Windows 11, which offers multi-gigabit speeds and improved throughput, latency, and reliability compared to previous Wi-Fi generations. [...]BLEEPINGCOMPUTER.COM
22 FebEverything you need to know about IP grabbersYou would never give your personal ID to random strangers, right? So why provide the ID of your computer? Unsuspecting users beware, IP grabbers do not ask for your permission.WELIVESECURITY.COM