101Articles
8Categories
2024-04-24Date
🚨 CISA KEV 2[−]
24 Apr KEVCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-20353  Cisco ASA and FTD Denial of Service Vulnerability CVE-2024-20359 Cisco ASA and FTD Privilege Escalation Vulnerability CVE…CISA.GOV
24 Apr KEVCisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall PlatformsToday, Cisco released security updates to address ArcaneDoor—exploitation of Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software. A cyber threat actor could exploit vulnerabilities ( CVE-2024-20353 , CVE-2024-20359 , CVE-2024-20…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
24 AprAPI Rug Pull - The NIST NVD Database and API (Part 4 of 3), (Wed, Apr 24th)A while back I got an email from Perry, one of our readers who was having a problem using my cvescan script, which I covered in a 3 part story back in 2021: ISC.SANS.EDU
24 AprGoogle Patches Critical Chrome VulnerabilityGoogle patches CVE-2024-4058, a critical Chrome vulnerability for which researchers earned a $16,000 reward. The post Google Patches Critical Chrome Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprMultiple MySQL2 Flaw Let Attackers Arbitrary Code RemotelyThe widely used MySQL2 has been discovered to have three critical vulnerabilities: remote Code execution, Arbitrary code injection, and Prototype Pollution. These vulnerabilities have been assigned with CVE-2024-21508, CVE-2024-21509, and CVE-2024-21511. The severity of these vul…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 29[−]
24 AprCoralRaider Malware Campaign Exploits CDN Cache to Spread Info-StealersA new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed t…THEHACKERNEWS.COM
24 AprThe rise in CISO job dissatisfaction – what’s wrong and how can it be fixed?More CISOs are dissatisfied with the role today than ever before, with studies showing that a high number of security chiefs (75%) are interested in a job change . What gives? Researchers, advisors and CISOs themselves cite a litany of reasons for the current discontentment, rang…CSOONLINE.COM
24 AprStudy: GPT-4 Agent can Exploit Unpatched VulnerabilitiesAcademics at a U.S. university found that if you feed a GPT-4 artificial intelligence agent public security advisories, it can exploit unpatched "real-world" vulnerabilities without precise technical information.BANKINFOSECURITY.COM
24 AprCoralRaider Malware Campaign Exploits CDN Cache to Spread Info-StealersA new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024.THEHACKERNEWS.COM
24 AprTrend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking TrojanIn this blog entry, we discuss Trend Micro's contributions to an Interpol-coordinated operation to help Brazilian and Spanish law enforcement agencies analyze malware samples of the Grandoreiro banking trojan.TRENDMICRO.COM
24 ApreScan Antivirus Update Mechanism Exploited to Spread Backdoors and MinersA new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the…THEHACKERNEWS.COM
24 AprPentagon Launches DIB Vulnerability Disclosure ProgramThe DIB Vulnerability Disclosure Program (DIB-VDP), a joint venture between the DoD Cyber Crime Center (DC3), the Defense Counterintelligence and Security Agency (DCSA), and HackerOne, will bring better vulnerability disclosure practices to the DIB.MERITALK.COM
24 AprIBM Nearing Talks to Acquire Cloud-software Provider HashiCorpIBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure software market player. This potential acquisition is part of IBM’s transformation into a hybrid cloud and AI-focused enterprise. Potential Acquisition Details Sources …GBHACKERS.COM
24 AprRansomware Victims Who Opt To Pay Ransom Hits Record LowLaw enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members aiming to undermine affiliate confidence. In response, LockBit publicly exposed an affiliate payment dispute, potentially causing further affiliate migration. The beh…GBHACKERS.COM
24 AprCyber Security Today, April 24, 2024 - Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and moreThis episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and password adviceCYBERSECURITYTODAY.LIBSYN.COM
24 AprMajor Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App UsersSecurity vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO,…THEHACKERNEWS.COM
24 AprSiemens Working on Fix for Device Affected by Palo Alto Firewall BugSiemens is urging organizations using its Ruggedcom APE1808 devices configured with Palo Alto Networks (PAN) Virtual NGFW to implement workarounds for a maximum severity zero-day bug that PAN recently disclosed in its next-gen firewall product.DARKREADING.COM
24 AprWhat is biometrics? 10 physical and behavioral identifiers that can be used for authenticationBiometrics definition Biometrics are physical or behavioral human characteristics to that can be used to digitally identify a person to grant access to systems, devices, or data. Examples of these biometric identifiers are fingerprints, facial patterns, voice or typing cadence. E…CSOONLINE.COM
24 AprFTC Commercial Surveillance Rules Could Arrive Within Months, Sources SayAccording to two sources familiar with the FTC's plans, the rules will emphasize data security and data minimization, or the idea that companies should only collect the data they need to conduct business with consumers and delete it when concluded.THERECORD.MEDIA
24 AprNew Password Cracking Analysis Targets BcryptHive Systems conducts another study on cracking passwords via brute-force attacks, but it’s no longer targeting MD5. The post New Password Cracking Analysis Targets Bcrypt appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprCity street lights “misbehave” after ransomware attackThe UK's Leicester City Council was thrown into chaos last month when a crippling cyber attack forced it to shut down its IT systems and phone lines. But the ransomware attack also had a more unusual impact... Read more in my article on the Hot for Security blog.BITDEFENDER.COM
24 AprHow to read encrypted messages from ChatGPT and other AI chatbots | Kaspersky official blogResearchers have developed a method for reading messages intercepted from OpenAI ChatGPT, Microsoft Copilot, and other AI chatbots. We explain how it works.KASPERSKY.COM
24 AprTines taps $50M to expand its workflow automation beyond security teamsAutomation continues to be a major theme in the enterprise — underscored not least by the rise of AI as a tool to help fix some of the more routine, resource-intensive and fragmented aspects of how security and other IT functions operate. To capitalize on that trend, one of…TECHCRUNCH.COM
24 AprNew OT security tool can help secure against critical systems attacksTo help secure the operational technology (OT) systems within industrial organizations against growing targeted attacks, cybersecurity solutions provider Critical Start has launched a managed detection and response (MDR) offering dedicated to these environments. The offering, bas…CSOONLINE.COM
24 Apr KEVCISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian ExploitationCISA warns organizations of a two-year-old Windows Print Spooler vulnerability being exploited in the wild. The post CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprMajor Security Flaws Expose Keystrokes of Over One Billion Chinese Keyboard App UsersThe vulnerabilities could be exploited to "completely reveal the contents of users' keystrokes in transit," researchers Jeffrey Knockel, Mona Wang, and Zoë Reichert said.THEHACKERNEWS.COM
24 AprHow the ToddyCat threat group sets up backup traffic tunnels into victim networksToddyCat, a Chinese advanced persistent threat (APT) group that has been targeting Asian and European government and military organizations over the past four years, is using several different traffic tunneling tools to ensure persistent access to compromised networks, according …CSOONLINE.COM
24 AprFirewall Schemes at Different Layerssubmitted by redfox to cybersecurity 1 points | 0 comments This is a network defense design scheme question. In a scenario where your organization is designing multi-layered firewall deployment and management, how granular do you create rules at each of these three layers? Exampl…INFOSEC.PUB
24 AprArcaneDoor hackers exploit Cisco zero-days to breach govt networks​Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. [...]BLEEPINGCOMPUTER.COM
24 AprCisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall PlatformsCisco warns that nation state-backed hackers are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks. The post Cisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall Platforms…SECURITYWEEK.COM
24 AprMaximum severity Flowmon bug has a public exploit, patch nowProof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. [...]BLEEPINGCOMPUTER.COM
24 AprCisco Fixes Firewall 0-Days After Likely Nation-State HackNetworking Giant Dubs Campaign Against Government Customers 'Arcane Door' Probable nation-state hackers targeted Cisco firewall appliances in a campaign dating to late 2023, the networking giant disclosed Wednesday while releasing three patches, two of them rated critical. Cisco …DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 9[−]
24 Apr"Infrastructure – the Good, the Bad and the Ugly" - Ross Anderson - 70 minutessubmitted by ashar to security_cpe 1 points | 0 comments “Infrastructure – the Good, the Bad and the Ugly” Computer technology, like the railroad, gives us infrastructure that empowers innovators. The Internet and cloud computing let startups like YouTube and Instagram soar to hu…INFOSEC.PUB
24 AprSwedish Signals Intelligence Agency to Take Over National Cybersecurity CenterAfter failing to achieve “expected results,” Sweden’s National Cyber Security Center (NCSC) is facing a range of reforms, including being brought under the control of the country’s cyber and signals intelligence agency.THERECORD.MEDIA
24 AprDan Solove on Privacy RegulationLaw professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract: In this Article I argue that …SCHNEIER.COM
24 AprAI is Sexist, Racist and HomophobicRegulation and Inclusive Training Data Can Help Reduce Bias, Experts Say Just because a machine says it, doesn't mean it's unbiased. In fact, you don't have to probe far to find underlying biases and prejudices in text composed by generative artificial intelligence. "If you look …DATABREACHTODAY.CO.UK
24 AprMajor Areas of Cybersecurity Focus for Medical Device MakersMedical device makers submitting products for premarket approval by the Food and Drug Administration often struggle the most with cybersecurity in three major areas - design controls, providing a software bill of materials and testing, according to Nastassia Tamari of the FDA.DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 11[−]
24 AprUS Treasury Sanctions Iranians Linked to Government CyberattacksThe Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies.BLEEPINGCOMPUTER.COM
24 AprVeeam Acquires Coveware to Boost its Ransomware Protection CapabilitiesVeeam Software announced the acquisition of Coveware, a provider of cyber-extortion incident response. It brings ransomware recovery and first responder capabilities to further strengthen Veeam’s radical resilience solutions for customers.HELPNETSECURITY.COM
24 AprReport: Fifth of UK Companies Admit Staff Leaked Data via GenAIOne in five UK companies has experienced sensitive corporate data exposure due to employees' use of generative AI (GenAI), according to a report by cybersecurity services provider RiverSafe.INFOSECURITY-MAGAZINE.COM
24 AprSpyroid RAT Attacking Android Users to Steal Confidential DataA new type of Remote Access Trojan (RAT) named Spyroid has been identified. This malicious software is specifically designed to infiltrate Android systems, stealing confidential data and compromising user privacy. What is Spyroid RAT? Spyroid RAT is a sophisticated malware that t…GBHACKERS.COM
24 AprHackers Publish Fake Story About Ukrainians Attempting To Assassinate Slovak PresidentAn unidentified attacker hacked a Czech news service's website and published a fake story on Tuesday claiming that an assassination attempt had been made against the newly elected Slovak president Petr Pellegrini.THERECORD.MEDIA
24 AprReport: Attacker Dwell Time Down, Ransomware up in 2023According to a new report by Mandiant, which is based on Mandiant Consulting investigations during 2023, the global median dwell time for attackers fell to its lowest point since the company began tracking the metric in 2011.TECHTARGET.COM
24 AprU.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber AttacksThe U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) …THEHACKERNEWS.COM
24 AprRing customers get $5.6 million in privacy breach settlementThe Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. [...]BLEEPINGCOMPUTER.COM
24 AprWhat will cyber threats look like in 2024?2023 was a big year for threat intelligence. The sheer volume of threats and attacks revealed through Microsoft’s analysis of 78 trillion daily security signals indicates a shift in how threat actors are scaling and leveraging nation-state support. We saw more attacks than ever b…CSOONLINE.COM
24 AprSmashing Security podcast #369: Keeping the lights on after a ransomware attackLeicester City Council suffers a crippling ransomware attack, and a massive data breach, but is it out of the dark yet? And as election fever hits India we take a close eye at deepfakery. All this and more is discussed in the latest edition of the "Smashing Security" podcast by c…GRAHAMCLULEY.COM
🕵️ THREAT INTELLIGENCE 32[−]
24 AprISC Stormcast For Wednesday, April 24th, 2024 https://isc.sans.edu/podcastdetail/8952, (Wed, Apr 24th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
24 AprHow cyber-crime has become organised warfare | Four Corners 2023submitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/5336d6d8-8de4-4ee7-bfe5-09806df5c377.png How cyber-crime has become organised warfare - Four Corners - ABC News In-depth Every seven minutes a cyber-attack is reported in Australia Millions …INFOSEC.PUB
24 AprRewards Up to $10 Million for Information on Iranian HackersThe United States Justice Department has announced big rewards for information leading to the capture of four Iranian nationals. These individuals are accused of conducting a sophisticated multi-year cyber campaign against American companies. The announcement underscores the grav…GBHACKERS.COM
24 AprNorth Korean Hackers Targeted Dozens of South Korean Defense CompaniesLocal reports claimed that the hackers targeted as many as 83 defense contractors and subcontractors, and managed to steal sensitive information from 10 of them between October 2022 and July 2023, although the campaign lasted over a year.INFOSECURITY-MAGAZINE.COM
24 AprSD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure NetworkingSD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE. The post SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprProphet Security Emerges From Stealth Mode With $11 Million in FundingBain Capital Ventures and angel investors invest $11 million in automated alerts analysis startup Prophet Security. The post Prophet Security Emerges From Stealth Mode With $11 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprResearchers Uncover that UK.GOV Websites Sending Data to Chinese Ad Vendor AnalystsAnalysts from Silent Push, a data analytics firm, have uncovered several UK government websites sending user data to a controversial Chinese advertising technology vendor, Yeahmobi. This discovery raises significant concerns about privacy and the integrity of data handling by pub…GBHACKERS.COM
24 AprKnowBe4 Buys Egress to Aid Awareness Training, Email DefenseKnowBe4's First Deal Since 2021 Brings AI-Based Email Protection, Training Together KnowBe4 purchased an email security provider founded by a Check Point veteran to offer AI-based email protection and training that's automatically tailored relative to risk. Acquiring Egress will …DATABREACHTODAY.CO.UK
24 AprRussia-linked hacking group claims to have targeted Indiana water plantsubmitted by kid to cybersecurity 1 points | 0 comments https://edition.cnn.com/2024/04/22/politics/russia-linked-hacking-group-targets-indiana-water-plant/index.htmlEDITION.CNN.COM
24 AprTensorFlow AI models at risk due to Keras API flawsubmitted by kid to cybersecurity 2 points | 0 comments https://www.scmagazine.com/news/tensorflow-ai-models-at-risk-due-to-keras-api-flawSCMAGAZINE.COM
24 AprResearchers develop malicious AI ‘worm’ targeting generative AI systemsResearchers have created a new, never-seen-before kind of malware they call the “Morris II” worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the i…SECURITYINTELLIGENCE.COM
24 AprAmplifier Security Emerges From Stealth With AI Copilot, Human-in-the-Loop AutomationAmplifier Security has raised $3.3 million in funding for a solution that includes human-in-the-loop automation and an AI copilot. The post Amplifier Security Emerges From Stealth With AI Copilot, Human-in-the-Loop Automation appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprNagomi Security Emerges From Stealth With $30 Million in FundingNagomi Security, a company that helps customers prevent threats by leveraging existing security tools, emerged from stealth with $30 million in funding. The post Nagomi Security Emerges From Stealth With $30 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprThreat Actor Uses Multiple Infostealers in Global CampaignA threat actor tracked as CoralRaider has been using multiple infostealers to harvest credentials from users worldwide. The post Threat Actor Uses Multiple Infostealers in Global Campaign appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprTines Bags $50 Million Funding for Security Workflow AutomationIrish startup Tines raises $50 million in new venture capital funding as investors make big bets on automation and orchestration startups. The post Tines Bags $50 Million Funding for Security Workflow Automation appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprCoralRaider Hacker Evade Antivirus Detections Using Malicious LNK FileThis campaign is observed to be targeting multiple countries, including the U.S., Nigeria, Germany, Egypt, the U.K., Poland, the Philippines, Norway, and Japan. The threat actor behind this ongoing campaign has been identified as “CoralRaider, ” whose Tactics, Techniq…GBHACKERS.COM
24 AprHackCon Online 2024 - 16 talks - NORWEGIAN and ENGLISHsubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/969dec59-e5e3-4c81-8116-4fd1a2f4f5a6.png HackCon Online 2024 Playlist HackCon Online 2024 HackCon har gått sammen med store deler av sikkerhetsmiljøet i Norge og lagd HackCon Online. HackCon…INFOSEC.PUB
24 AprPhishing Attacks Rise By 58% As The Attackers Leverage AI ToolsAI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create refined, individualized campaigns. Protecting data and systems from this democratization of phishing abilities gives a new challenge for the defenders. Zscaler’s Phish…GBHACKERS.COM
24 AprNavigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the JargonAs a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. The post Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprNorth Korean Hackers Hijack Antivirus Updates for Malware DeliveryA North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners. The post North Korean Hackers Hijack Antivirus Updates for Malware Delivery appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprIran Dupes US Military Contractors, Gov't Agencies in Cyber CampaignAn Iranian state-sponsored hacking group successfully infiltrated hundreds of thousands of employee accounts at US companies and government agencies, including the US Treasury and State Department, as part of a five-year cyber espionage campaign.DARKREADING.COM
24 AprKnowBe4 Plans to Acquire Egress for Email Security TechKnowBe4 boasts that the merger will create “the largest, advanced AI-driven cybersecurity platform for managing human risk.” The post KnowBe4 Plans to Acquire Egress for Email Security Tech appeared first on SecurityWeek .SECURITYWEEK.COM
24 AprIs this come kind of hack attempt?submitted by lettruthout to secops 2 points | 1 comments The NGINX access.log of my VPS is showing a curiosity. Instead of a simple request like this… "GET / HTTP/1.1" …regular requests are coming in that look like this “\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\…LEMMY.WORLD
24 AprHarnessing AI: A Step-by-Step Guide for Job SeekersHow ChatGPT Can Help You Write Your Job Application Documents Artificial intelligence offers innovative tools to refine your job application materials. This guide provides practical steps on how to use one common tool, ChatGPT, to enhance your resume and cover letter, ensuring th…DATABREACHTODAY.CO.UK
24 AprAI Voice Cloning Pushes 91% of Banks to Rethink VerificationBioCatch Survey Report Focuses on New AI-Based Risks and Fraud-Fighting Solutions Banks are concerned about advancements in voice-cloning technology and the threat it poses to authentication. The failure of identity-centric solutions to combat synthetic identity fraud has convinc…DATABREACHTODAY.CO.UK
24 AprTines Raises $50M to Boost Enterprise-Focused AI TechnologyCompany to Focus on AI Solutions, Large Enterprise Growth After Series B Extension After closing a $50 million Series B extension led by Felicis and Accel, workflow platform provider Tines sets its sights on expanding its use beyond the security operations center and deepening it…DATABREACHTODAY.CO.UK
24 AprWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
24 Apr5G Hackathons - Casey Ellis - BTS #28Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsi…YOUTUBE.COM
24 AprLogin.gov to Test Facial Recognition Under New LeadershipHanna Kim to Take Over Login.gov at a Pivotal Moment for Federal Sign-On Service Login.gov, the federal government's single sign-on service, told staffers Wednesday that there would be a change in its top leadership starting next month as the organization ramps up plans to begin …DATABREACHTODAY.CO.UK
24 AprThreatLocker Gets $115M to Fuel Zero Trust Defense, Eyes IPOAfter Quintupling Revenue Over the Past 18 Months, ThreatLocker Wants to Go Public ThreatLocker completed a $115 million Series D funding round to further its zero trust cybersecurity ambitions. The Orlando-based company plans to use the funding to expand the number of applicatio…DATABREACHTODAY.CO.UK
24 Apr5 ways a CNAPP can strengthen your multicloud security environmentCNAPP, or cloud-native application protection platform, can be a powerful tool in your cybersecurity toolkit. Read on for highlights of our guide diving into the topic. The post 5 ways a CNAPP can strengthen your multicloud security environment appeared first on Microsoft Securit…MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
24 AprUS Gov Slaps Visa Restrictions on Spyware HonchosThe US State Department is imposing visa restrictions on 13 people involved in the development and sale of commercial spyware, as well as their spouses and children. The State Department can deny these people entrance to the United States.DARKREADING.COM
24 AprResearchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt StrikeCybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the Connect…THEHACKERNEWS.COM
📡 INFOSEC NEWS 13[−]
24 AprPeople Doubt Their Own Ability to Spot AI-Generated DeepfakesThe actual number of people exposed to political and other deepfakes is expected to be much higher given many Americans are not able to decipher what is real versus fake, thanks to the sophistication of AI technologies.HELPNETSECURITY.COM
24 AprSecurity bugs in a popular phone-tracking app exposed users’ precise locationsThe location-sharing app iSharing, which has 35 million users, fixed vulnerabilities that exposed users' personal information and precise location data. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
24 AprWindows 11 KB5036980 update goes live with Start Menu ads​Microsoft has enabled Start menu ads in the optional KB5036980 preview cumulative update for Windows 11 22H2 and 23H2. [...]BLEEPINGCOMPUTER.COM
24 AprGoogle Meet opens client-side encrypted calls to non Google usersGoogle is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls. [...]BLEEPINGCOMPUTER.COM
24 AprResearchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike"SSLoad is designed to stealthily infiltrate systems, gather sensitive information and transmit its findings back to its operators," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News.THEHACKERNEWS.COM
24 AprGoogle Ad for Facebook Redirects to ScamResearchers observed a malicious ad campaign targeting Facebook users via Google search. The ad, which appears at the top of Google search results for the keyword "Facebook," redirects users to a scam page.MALWAREBYTES.COM
24 AprSecurity Bugs in a Popular Phone-Tracking App Exposed Users’ Precise LocationsA security researcher discovered vulnerabilities in the popular phone-tracking app iSharing, which has over 35 million users. The bugs allowed a user to access others' precise coordinates, even if the user wasn't actively sharing their location data.TECHCRUNCH.COM
24 AprUS charges Samourai cryptomixer founders for laundering $100 millionKeonne Rodriguez and William Lonergan Hill have been charged by the U.S. Department of Justice for laundering more than $100 million from various criminal enterprises through Samourai, a cryptocurrency mixer service they ran for nearly a decade. [...]BLEEPINGCOMPUTER.COM
24 AprWhat makes Starmus unique? – A Q&A with award-winning filmmaker Todd MillerThe director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges as well as why he became involved with Starmus.WELIVESECURITY.COM