110 Articles
8 Categories
Date: 2024-03-28
🚨 CISA KEV 1
28 Mar (KEV): CISA Adds One Known Exploited Vulnerability in Microsoft Sharepoint Server to Catalog [CISA.GOV] The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with Site Owner privileges to execute arbitrary code.
🐛 COMMON VULNERABILITIES AND EXPOSURES 1
28 Mar: Thousands of servers hacked due to insecurely deployed Ray AI framework [CSOONLINE.COM] Researchers warn that thousands of servers have been compromised over the past seven months because of lack of authentication by default in an open-source compute framework called Ray, which is used to distribute machine learning and AI workloads. The framework’s developers don’t…
⚠️ VULNERABILITY DISCLOSURE 23
28 Mar: Hardware Vulnerability in Apple’s M-Series Chips [SCHNEIER.COM] It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CP…
28 Mar: Hackers Developing Malicious LLMs After WormGPT Falls Flat [DATABREACHTODAY.CO.UK] Crooks Are Recruiting AI Experts to Jailbreak Existing LLM Guardrails. Cybercrooks are exploring ways to develop custom, malicious large language models after existing tools such as WormGPT failed to cater to their demands for advanced intrusion capabilities, security researchers …
28 Mar: The AI Revolution and White-Collar Workers [DATABREACHTODAY.CO.UK] Will AI Be a Catalyst for Innovation or a Source of Displacement? If we proactively tackle the complexities of the AI revolution, we can ensure that it serves as a catalyst for innovation rather than a source of displacement. With thoughtful planning and inclusive policies, the i…
28 Mar: Google Fixes Chrome Zero-Days Exploited at Pwn2Own 2024 [BLEEPINGCOMPUTER.COM] Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition.
28 Mar: 2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now [GBHACKERS.COM] Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including two zero-day exploits showcased at the prestigious Pwn2Own 2024 hacking competition. The update, which affects Chrome users on Windows, Mac, and Linux, elevates the browser …
28 Mar: Meta sued for snooping on Snapchat users [CSOONLINE.COM] In a revelation stemming from a recently unsealed court document, Meta, formerly Facebook, is being sued by a group of advertisers for its alleged secret project, “Project Ghostbusters,” a moniker seemingly inspired by Snapchat’s ghost logo. This project raises concerns about dig…
28 Mar: Are you okay? Understanding the world of a CISO [CSOONLINE.COM] When someone asks a CISO, “Are you okay,” it’s more than just a polite inquiry. It’s an acknowledgment of the visible strain that our intense, high-stakes environment can have on us. This question, especially coming from colleagues in non-technical roles, often reflects their obs…
28 Mar: iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage [GBHACKERS.COM] Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information and grant unauthorized access. It’s an effective social engineering technique that can bypass even robust technical security measures. Phishing kits and servi…
28 Mar: Your employees are using sensitive corporate devices for personal browsing [CSOONLINE.COM] Employees in the US are opening themselves and their organizations to a range of cyberattacks as a vast majority is found to be using corporate devices, with sensitive access to corporate resources, for personal browsing, according to a CyberArk study. The study, which asked brow…
28 Mar: A Zero Trust approach for remote access in utilities is essential [CSOONLINE.COM] Cyberattacks on utilities more than doubled from 2020 to 2022. It’s likely the case that the rapid growth of connected assets is outstripping security capabilities. One analyst firm predicts that by 2026, industrial organizations will have more than 15 billion new and legacy asse…
28 Mar: Report suggests cybersecurity investment, board involvement linked to better shareholder returns [CSOONLINE.COM] Cybersecurity preparedness and financial success are strongly correlated with companies that maintain strong security measures, outperforming peers with only basic defenses by as much as 372% in shareholder returns, according to a report by Diligent and Bitsight. The report, whic…
28 Mar: Cisco Releases Security Updates for Multiple Products [CISA.GOV] Cisco released security updates to address vulnerabilities in Cisco IOS, IOS XE, and AP software. A cyber threat actor could exploit some of these vulnerabilities to cause a denial-of-service. CISA encourages users and administrators to review the following advisories and apply t…
28 Mar: How Pentesting-as-a-Service can Reduce Overall Security Costs [BLEEPINGCOMPUTER.COM] Penetration testing plays a critical role in finding application vulnerabilities before they can be exploited. Learn more from Outpost24 on the costs of Penetration-Testing-as-a-Service vs classic pentest offerings. [...]
28 Mar (KEV): Are we winning? - Jason Healey - PSW #822 [YOUTUBE.COM] Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working. Segment Resources: * DEFRAG Hacker Film Festival short documentary (https://youtu.be/NYvHWcQsIRE) on hackers and their favorite films. For educational purposes only,…
28 Mar: Malware Upload Attack Hits PyPI Repository [SECURITYWEEK.COM] Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign.
28 Mar: Retail chain Hot Topic hit by new credential stuffing attacks [BLEEPINGCOMPUTER.COM] American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data. [...]
28 Mar: Iran’s evolving influence operations and cyberattacks support Hamas [CSOONLINE.COM] Iran launched its own campaign targeting Israel as the war commenced on October 7. Initially, Iran’s efforts were reactive, and its influence campaign focused on disseminating misleading information. Iranian and Iran-affiliated groups quickly grew more coordinated in their effort…
28 Mar: Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords [BLEEPINGCOMPUTER.COM] A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command. [...]
28 Mar: Cisco: Security teams are ‘overconfident’ about handling next-gen threats [CSOONLINE.COM] Despite the dangers posed by new threats like generative AI, a new study from Cisco found that security teams are “overconfident” and comfortable in their ability to cope with a rapidly changing threat landscape. The study published today surveyed more than 8,000 cybersecurity de…
28 Mar: Feds Seek Secure-by-Design Armageddon for SQL Injection Bugs [DATABREACHTODAY.CO.UK] Hackers Continue to Abuse Easily Preventable Vulnerability to Cause Massive Damage. What will it take to rid the world of SQL injection vulnerabilities, which remain too easily exploitable by attackers for ransacking databases and worse, despite having been classified as "unforgiv…
28 Mar: Why cyber hygiene requires curious talent - Clea Ostendorf - ESW #355 [YOUTUBE.COM] Many years ago, I fielded a survey focused on the culture of cybersecurity. One of the questions asked what initially drew folks to cybersecurity as a career. The most common response was a deep sense of curiosity. Throughout my career, I noticed another major factor in folks tha…
28 Mar: Microsoft: 87% of UK Businesses Are Unprepared for Cyberattacks - Source: www.techrepublic.com [CISO2CISO.COM] https://ciso2ciso.com/microsoft-87-of-uk-businesses-are-unprepared-for-cyberattacks-source-www-techrepublic-com/ Source: www.techrepublic.com – Author: Owen Hughes. A report from Microsoft and Goldsmiths, Uni…
28 Mar: Google Public DNS’s approach to fight against cache poisoning attacks [SECURITY.GOOGLEBLOG.COM] Tianhao Chi and Puneet Sood, Google Public DNS. The Domain Name System (DNS) is a fundamental protocol used on the Internet to translate human-readable domain names (e.g., www.example.com) into numeric IP addresses (e.g., 192.0.2.1) so that devices and servers can find and communi…
📢 SECURITY ADVISORIES 17
28 Mar: UK: NCSC Warns of Hackers Hitting High-Risk Individuals' Personal Accounts [BANKINFOSECURITY.COM] Britain's National Cyber Security Center is warning that criminals and nation-state hacking groups, confronted with well-managed corporate cybersecurity defenses, have turned their sights to individual personal devices and accounts.
28 Mar: CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities [SECURITYWEEK.COM] CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities.
28 Mar: Sellafield nuclear waste dump faces prosecution over cybersecurity failures [BITDEFENDER.COM] The UK's Office for Nuclear Regulation (ONR) has started legal action against the controversial Sellafield nuclear waste facility due to years of alleged cybersecurity breaches. Read more in my article on the Hot for Security blog.
28 Mar: C2A Security’s EVSec Risk Management and Automation Platform Gains Automotive Industry Favor as Companies Pursue Regulatory Compliance [GBHACKERS.COM] In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers, successful evaluations, and partnerships such as BMW Group, Daimler Truck AG, Marelli, NTT Data, Siemens, and Valeo, among others. C2A Security’s DevSecOps Platform, ‘EVSec’, has gained widesprea…
🔥 INCIDENT REPORTING 19
28 Mar: Municipalities in Texas, Georgia See Services Disrupted Following Ransomware Attacks [THERECORD.MEDIA] On Tuesday evening, the government of Gilmer County in Georgia posted a notice on its website warning that a ransomware attack was affecting its ability to provide services to its more than 30,000 residents.
28 Mar: US Offering $10 Million Reward for Information on Change Healthcare Hackers [SECURITYWEEK.COM] The US is offering a reward of up to $10 million for information on BlackCat ransomware affiliates that targeted US critical infrastructure.
28 Mar: Details and Lessons Learned From the Ransomware Attack on the British Library [SECURITYWEEK.COM] Although the attack on the national library of the UK occurred five months ago, the Library’s infrastructure won’t be rebuilt until mid-April 2024, and then the full restoration of systems and data can begin.
28 Mar: The Moon Malware Hacked 6,000 ASUS Routers in 72 hours to Use for Proxy [GBHACKERS.COM] Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and turning them into bots for the Faceless proxy service. TheMoon bots grew to over 40,000 in early 2024 and enabled Faceless to gain nearly 7,000 new users weekly. It identified a …
28 Mar: Coro, building cybersecurity for SMBs, locks down $100M at a $750M valuation [TECHCRUNCH.COM] Enterprises and other large organizations have long been a lucrative and obvious target for cybercriminals, but in recent years — thanks to more sophisticated breach techniques and the rise of AI — small and medium businesses are now also very much on the map. Now, Co…
28 Mar: Exvagos - 2,121,789 breached accounts [HAVEIBEENPWNED.COM] In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and MD5 password hashes.
28 Mar: Vietnam Securities Broker Suffers Cyberattack That Resulted in Trading Suspension [DARKREADING.COM] In a social media post, VNDirect described a four-stage process of restoration, starting with customer accounts, which is now complete, and followed by restoring floor trading and then its other financial services.
28 Mar: How will the Merck settlement affect the insurance industry? [SECURITYINTELLIGENCE.COM] A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else? In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affecte…
28 Mar: 'Darcula' Phishing-as-a-Service Operation Bleeds Victims Across More Than 100 Countries [DARKREADING.COM] The Chinese-language, phishing-as-a-service platform "Darcula" has created 19,000 phishing domains in cyberattacks against more than 100 countries, Netcraft researchers say.
28 Mar: Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack [THEHACKERNEWS.COM] The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country's Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The a…
28 Mar: US offers $10M to help catch Change Healthcare hackers [TECHCRUNCH.COM] The government's reward for information now extends to ALPHV's affiliates, which claimed responsibility for a massive weeks-long healthcare cyberattack.
28 Mar: Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries [THEHACKERNEWS.COM] A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability …
28 Mar: Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries [THEHACKERNEWS.COM] https://thehackernews.com/2024/03/linux-version-of-dinodasrat-spotted-in.html?m=1
28 Mar: OnDemand | 1 in 3 Breaches Go Undetected: Strengthen Your Defense Against Identity Attacks [DATABREACHTODAY.CO.UK] Insights from recent cyberattacks where weak authentication measures were circumvented.
28 Mar: UnitedHealth Admits Patient Data Was 'Taken' in Mega Attack [DATABREACHTODAY.CO.UK] US Government Offers $10M Bounty to Track Down Leadership of BlackCat Crime Group. UnitedHealth Group has admitted data was "taken" in the cyberattack on Change Healthcare and has just started analyzing the types of personal, financial and health information potentially compromise…
28 Mar: Breach Roundup: Russian Organizations Losing Microsoft Cloud [DATABREACHTODAY.CO.UK] Also: Hackers Target Apple Password Reset Flaw. This week, Russian organizations are losing Microsoft Cloud, hackers targeted an Apple flaw, Germany warned of critical flaws in Microsoft Exchange, an info stealer targeted Indian government agencies and the energy sector, and Finla…
28 Mar: From Despair to Disruption: Zafran Takes on Cyber Mitigation [DATABREACHTODAY.CO.UK] Amid COVID-19 Ransomware Woes, Sanaz Yashar's Frustration Sparked Zafran's Birth. Faced with relentless cyberattacks and the shortcomings of existing defenses, Sanaz Yashar embarked on a journey to create a security risk and mitigation platform, transforming frustration into start…
28 Mar: Thread Hijacking: Phishes That Prey on Your Curiosity [KREBSONSECURITY.COM] Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a privat…
28 Mar: Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world [WELIVESECURITY.COM] This rundown of 10 cyberattacks against the sports industry shows why every team needs to keep its eyes on the ball when it comes to cybersecurity.
🕵️ THREAT INTELLIGENCE 19
28 Mar: OMB Issues First Governmentwide AI Risk Mitigation Rules [DATABREACHTODAY.CO.UK] Guidance Calls for Agencies to Appoint Chief AI Officers, Set Up Governance Boards. The Office of Management and Budget issued the first-ever governmentwide guidance for mitigating risks associated with the federal use of artificial intelligence, including specific actions agencie…
28 Mar: Securing SMBs Globally: Coro Raises $100M to Go Into Europe [DATABREACHTODAY.CO.UK] Series D Funding Will Strengthen Coro's Channel Program, European Market Presence. Coro completed a $100 million Series D round to expand its global footprint and enhance its channel program. The funding aims to address the needs of Europe's expansive midmarket business community …
28 Mar: Tycoon 2FA - The Criminals' Favorite Platform for MFA Theft [DATABREACHTODAY.CO.UK] Phishing-as-a-Service Platform Lets Hackers Impersonate More Than 1,100 Domains. A phishing-as-a-service platform that allows cybercriminals to impersonate more than 1,100 domains has over the past half year become one of the most widespread adversary-in-the-middle platforms. Atta…
28 Mar: Chinese Cyberspies Targeting ASEAN Entities [SECURITYWEEK.COM] Two Chinese cyberespionage groups have been targeting entities and member countries affiliated with ASEAN.
28 Mar: Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 [SECURITYWEEK.COM] In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators.
28 Mar: ISC Stormcast For Thursday, March 28th, 2024 https://isc.sans.edu/podcastdetail/8914, (Thu, Mar 28th) [ISC.SANS.EDU] (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
28 Mar: Cisco Patches DoS Vulnerabilities in Networking Products [SECURITYWEEK.COM] Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS).
28 Mar: Zafran Emerges From Stealth With Risk and Mitigation Platform, $30M in Funding [SECURITYWEEK.COM] Zafran has emerged from stealth mode with a risk and mitigation platform and $30 million in funding from Sequoia Capital and Cyberstarts.
28 Mar: [New Feature] Start Coaching Your Users in Real Time With the New Google Chat Integration for KnowBe4's SecurityCoach [KNOWBE4.COM] Attention Google Workspace users! You’ve asked, and we’ve delivered, integrating KnowBe4's SecurityCoach with Google Chat.
28 Mar: Wireshark 4.2.4 Released: What’s New! [GBHACKERS.COM] Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and education. The latest update, Wireshark 4.2.4, includes a host of fixes and updates to further cement its position as the go-to tool for network professionals an…
28 Mar: Zoom Unveils AI-Powered All-In-One AI Work Workplace [GBHACKERS.COM] Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered platform designed to redefine how we work. This innovative solution aims to streamline communication, enhance collaboration, and boost productivity. It addresses the challenges …
28 Mar: Coro Raises $100 Million for All-in-One Security Platform [SECURITYWEEK.COM] Coro has raised $100 million in Series D funding for its enterprise-grade platform tailored for the small- and mid-sized market.
28 Mar: Cybersecurity Mesh: Overcoming Data Security Overload [SECURITYWEEK.COM] A significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather than proactive approach.
28 Mar: Cyberespionage Campaign Targets Government, Energy Entities in India [SECURITYWEEK.COM] Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India.
28 Mar: Splunk Patches Vulnerabilities in Enterprise Product [SECURITYWEEK.COM] Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue.
28 Mar: Crypto, Bluetooth Vulns, Unsafe Locks - PSW #822 [YOUTUBE.COM] The PSW crew discusses some crypto topics, such as post-quantum and GoFetch, new Flipper Zero projects, RFID hacking and hotel locks, BlueDucky, side channel attacks and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly…
28 Mar: GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats [GBHACKERS.COM] GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting the growing, widespread use and potential of Web3 user security data to aid in risk management. The report’s findings reveal a clear and growing demand for more…
28 Mar: Cryptohack Roundup: Sam Bankman-Fried Gets 25-Year Sentence [DATABREACHTODAY.CO.UK] Also: US Sanctions for Russia-Linked DeFi, Coinbase Can't Escape SEC Lawsuit. This week, Sam Bankman-Fried got 25 years, the U.S sanctioned a Russian fintech, Coinbase can't get out of an SEC lawsuit, Munchables lost millions and had it returned, Curio and ParaSwap had smart contr…
28 Mar: Federal Elections Commission Considers Regulating AI [DATABREACHTODAY.CO.UK] FEC Commissioner Says Group Is Exploring How to Regulate Campaign Deepfakes. The U.S. Federal Elections Commission is determining whether its existing statutory authorities allow it to regulate the use of artificial intelligence in campaign advertisements after receiving thousands…
🌐 CYBER THREAT LANDSCAPE 4
28 Mar: StealthMole raises $7M Series A for its AI-powered dark web intelligence platform [TECHCRUNCH.COM] StealthMole, an AI-powered dark web intelligence startup that specializes in monitoring cyber threats and detecting cybercrime, announced Thursday that it has raised a $7 million Series A funding round. The Singapore-headquartered startup with an R&D office in South Korea wil…
28 Mar: Smashing Security podcast #365: Hacking hotels, Google’s AI goof, and cyberflashing [GRAHAMCLULEY.COM] Security researchers find a way to unlock millions of hotel rooms, the UK introduces cyberflashing laws, and Google's AI search pushes malware and scams. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Gr…
28 Mar: PyPI suspends new user registration to block malware campaign [BLEEPINGCOMPUTER.COM] The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. [...]
28 Mar: Activision says it’s investigating password-stealing malware targeting game players [TECHCRUNCH.COM] Video game giant Activision is investigating a hacking campaign that’s targeting players with the goal of stealing their credentials, TechCrunch has learned. At this point, the hackers’ specific goals — apart from stealing passwords for various types of accounts — are unclear. So…
📡 INFOSEC NEWS 26
28 Mar: Turning to a Career in Cybersecurity [DATABREACHTODAY.CO.UK] Cyberthreats Are Rampant, Expertise Is Needed, and the Rewards Are Great. The transition to a career in cybersecurity is not just a change of professional direction; it represents a commitment to defending the digital world. Here's how you can get the critical technical skills nee…
28 Mar: On Point: The New Impersonation-Social Engineering Attacks [DATABREACHTODAY.CO.UK] How AI and Deepfakes Make Impersonation Attacks Stronger - and How to Stop Them. Industrious attackers are using cutting-edge deepfake and AI technologies to blend impersonation and social engineering attacks. Robust processes that include checks and balances and improved proving …
28 Mar: Apps Secretly Turning Devices Into Proxy Network Nodes Removed From Google Play [HELPNETSECURITY.COM] Though the LumiApps’s privacy policy talks about devices being part of the LumiApps networks, app developers might not read it before starting to use the malicious SDK in their apps.
28 Mar: Trezor’s Twitter Account Hijacked by Cryptocurrency Scammers via Bogus Calendly Invite [BITDEFENDER.COM] According to Trezor, someone posing as "a credible entity from the crypto space", using a Twitter account with thousands of followers, approached its PR team on February 29, 2024. The imposter asked to interview Trezor CEO Matej Zak.
28 Mar: Behind the Scenes: The Art of Safeguarding Non-Human Identities [THEHACKERNEWS.COM] In the whirlwind of modern software development, teams race against time, constantly pushing the boundaries of innovation and efficiency. This relentless pace is fueled by an evolving tech landscape, where SaaS domination, the proliferation of microservices, and the ubiquity of C…
28 Mar: New ZenHammer Attack Bypasses Rowhammer Defenses on AMD CPUs [THEHACKERNEWS.COM] Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR). "This result p…
28 Mar: Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs [THEHACKERNEWS.COM] In June 2017, a study of more than 3,000 Massachusetts Institute of Technology (MIT) students published by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends' email addresses in exchange for free piz…
28 Mar: How to tell that what appears to be a message from your boss is actually the beginning of a scam attack | Kaspersky official blog [KASPERSKY.COM] The key signs of boss-scam schemes, and ways to protect against them.
28 Mar: Update: INC Ransom Claims Responsibility for Attack on NHS Scotland [THEREGISTER.COM] The INC Ransom group this week claimed responsibility for the assault on 'NHS Scotland', saying it stole 3TB worth of data while leaking a small number of sensitive files.
28 Mar: New Webinar: Avoiding Application Security Blind Spots with OPSWAT and F5 [THEHACKERNEWS.COM] Considering the ever-changing state of cybersecurity, it's never too late to ask yourself, "am I doing what's necessary to keep my organization's web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing c…
28 Mar: Hackers Developing Malicious LLMs After WormGPT Falls Flat [HEALTHCAREINFOSECURITY.COM] Cybercrooks are exploring ways to develop custom, malicious large language models after existing tools such as WormGPT failed to cater to their demands for advanced intrusion capabilities, security researchers said.
28 Mar: Chinese Cyberspies Targeting ASEAN Entities [PACKETSTORMSECURITY.COM]
28 Mar: How AI Is Shaping an Inclusive and Diverse Future [DATABREACHTODAY.CO.UK] AI's Transformative Impact and Challenges in Developing Regions. AI presents enormous opportunities for reducing inequalities and promoting inclusivity in developing regions, but its deployment must be guided by ethical practices and a conscious effort to integrate diversity and i…
28 Mar: Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection [THEHACKERNEWS.COM] A sophisticated phishing-as-a-service (PhaaS) platform called Darcula has set its sights on organizations in over 100 countries by leveraging a massive network of more than 20,000 counterfeit domains to help cyber criminals launch attacks at scale. "Using iMessage and R…
28 Mar: Cisco warns of password-spraying attacks targeting VPN services [BLEEPINGCOMPUTER.COM] Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. [...]
28 Mar: Sensor Intel Series: Top CVEs in February 2024 [F5.COM] 27 new CVEs, and continued IoT targeting. See what's new from February 2024.