Date: 2024-05-02 | 101 articles | 9 categories
🚨 CISA KEV (2 items)

2 May [KEV] CISA Adds GitLab Flaw to its Known Exploited Vulnerabilities Catalog (securityaffairs.com)
This flaw allows for an account takeover via Password Reset, enabling attackers to hijack accounts without any interaction. The affected versions range from 16.1 to 16.7, with GitLab releasing patches for versions 16.1.6 to 16.7.2.

2 May [KEV] CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities (cisa.gov)
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal …
🐛 COMMON VULNERABILITIES AND EXPOSURES (7 items)

2 May [KEV] CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability (thehackernews.com)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in the wild. Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum…

2 May New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)
A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-20…

2 May New Goldoon Botnet Targeting D-Link Devices Using Decade-Old Flaw (fortinet.com)
This botnet exploits the CVE-2015-2051 flaw to download a dropper script, and then deploys the Goldoon malware for DDoS attacks. The botnet uses various autorun methods for persistence and connects to a C2 server for instructions.

2 May ArubaOS Critical Vulnerability Let Attackers Execute Remote Code (gbhackers.com)
Multiple vulnerabilities have been discovered in ArubaOS that affect HPE Aruba Networking devices, including Mobility Conductor, Mobility Controllers WLAN Gateways, and SD-WAN Gateways managed by Aruba Central. These vulnerabilities are linked to Unauthenticated Buffer Overflow (…

2 May Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796, (Thu, May 2nd) (isc.sans.edu)
Before diving into the vulnerability, a bit about the affected devices. LB-Link, the make of the devices affected by this vulnerability, produces various wireless equipment that is sometimes sold under different brands and labels. This will make it difficult to identify affected …

2 May Chromium: CVE-2024-4331 Use after free in Picture In Picture (msrc.microsoft.com)
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases (https://chromereleases.googleblog.com/2024) for more information.

2 May Chromium: CVE-2024-4368 Use after free in Dawn (msrc.microsoft.com)
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases (https://chromereleases.googleblog.com/2024) for more information.
⚠️ VULNERABILITY DISCLOSURE (25 items)

2 May Panda Restaurant Corporate Systems Hacked: Customer Data Exposed (gbhackers.com)
Panda Restaurant Group, Inc., a leading name in the fast-food industry, has confirmed a significant breach in its corporate data systems. The incident, which came to light on March 10, 2024, has potentially compromised the personal information of an undisclosed number of customer…

2 May Biden delivers updated take on security for critical infrastructure (csoonline.com)
Amid serious cyberattacks by Russian and Chinese threat actors, the Biden administration issued a new National Security Memorandum (NSM-22) to update Presidential Policy Directive 21 (PPD-21) from the Obama administration to secure and enhance the resilience of US critical infras…

2 May Most interesting products to see at RSAC 2024 (csoonline.com)
Themed the Art of Possible, the 2024 RSA Conference takes place between 6 and 9 of May and will offer insights into the latest trends, how to master new skills, and more. More than 640 vendors will exhibit their new products at the expo and CSO has sifted through the upcoming ann…

2 May RSAC Fireside Chat: How the open-source community hustled to identify LLM vulnerabilities (lastwatchdog.com)
It took some five years to get to 100 million users of the World Wide Web and it took just one year to get to 100 million Facebook users. Related: LLM risk mitigation strategies. Then along came GenAI and Large …

2 May CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability (thehackernews.com)
https://thehackernews.com/2024/05/cisa-warns-of-active-exploitation-of.html?m=1

2 May UnitedHealth hack may impact a third of US citizens: CEO testimony (csoonline.com)
UnitedHealth CEO Andrew Witty testified before the House Energy and Commerce Committee that the personal data of potentially a third of US citizens may have been exposed on the dark web following the ransomware attack on its Change Healthcare unit. Despite paying a $22 million ra…

2 May Dropbox Sign hack exposed user data, raises security concerns for e-sign industry (csoonline.com)
In a major blow to user trust, Dropbox revealed a security breach in its e-signature platform, Dropbox Sign, formerly known as HelloSign. Unauthorized and unknown entities accessed Dropbox Sign's environment that contained customer data including usernames, email addresses, and o…

2 May When is One Vulnerability Scanner Not Enough? (thehackernews.com)
Like antivirus software, vulnerability scans rely on a database of known weaknesses. That's why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept has…

2 May Dropbox Discloses Breach of Digital Signature Service Affecting All Users (thehackernews.com)
Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product…

2 May Vulnerability Exploits Triple as Initial Access Point for Breaches (infosecurity-magazine.com)
According to Verizon's 2024 Data Breach Investigations Report, this method of gaining unauthorized access leading to a breach accounted for 14% of malicious actors' way into a network. It is the third most used after credential theft and phishing.

2 May HPE Aruba Networking Fixes Four Critical RCE Flaws in ArubaOS (bleepingcomputer.com)
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.

2 May 1,400 GitLab Servers Impacted by Exploited Vulnerability (securityweek.com)
CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.

2 May Iranian hackers harvest credentials through advanced social engineering campaigns (csoonline.com)
An Iranian state-sponsored actor known for cyber espionage activities has been using enhanced social engineering tactics, such as posing as journalists and event organizers, to gain access into victim cloud environments, according to joint Mandiant and Google Cloud research. Tr…

2 May Is it possible to use zero knowledge proofs to verify journalism sources? (infosec.pub)
After reading this thread I had the question on whether it is possible to verify you have certain information without revealing who you are to others.

2 May Verizon DBIR 2024 Shows Surge in Vulnerability Exploitation, Confirmed Data Breaches (securityweek.com)
Verizon's 2024 DBIR shows that vulnerability exploitation increased three times and confirmed data breaches doubled compared to the previous year.

2 May VNC Is The Hacker's New Remote Desktop Tool For Cyber Attacks (gbhackers.com)
While facilitating remote work, remote desktop software presents security challenges for IT teams due to the use of various tools and ports. The multitude of ports makes it difficult to monitor for malicious traffic. Weak credentials and software vulnerabilities are exploited to …

2 May Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw (thehackernews.com)
Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory. "The implications o…

2 May CISA Releases Three Industrial Control Systems Advisories (cisa.gov)
CISA released three Industrial Control Systems (ICS) advisories on May 02, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-123-01 CyberPower PowerPanel; ICSA-24-123-02 Delta Electronics DIAEner…

2 May Managed Service Provider Denies Being Source of Breach (databreachtoday.co.uk)
Health Analytics Firm Said Hackers Stole Data on 1 Million by Hacking MSP's Network. Who's responsible for a breach that exposed personal information for 1.1 million individuals? While a Maine consultancy blamed the breach on a managed service provider's network getting hacked, th…

2 May EU plan to force messaging apps to scan for CSAM risks millions of false positives, experts warn (techcrunch.com)
A controversial push by European Union lawmakers to legally require messaging platforms to scan citizens' private communications for child sexual abuse material (CSAM) could lead to millions of false positives per day, hundreds of security and privacy experts warned in an o…

2 May Police shuts down 12 fraud call centres, arrests 21 suspects (bleepingcomputer.com)
Law enforcement shut down 12 phone fraud call centers in Albania, Bosnia and Herzegovina, Kosovo, and Lebanon, behind thousands of scam calls daily. [...]

2 May Bitwarden launches new MFA Authenticator app for iOS, Android (bleepingcomputer.com)
Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [...]

2 May Breach Roundup: REvil Hacker Gets Nearly 14-Year Sentence (databreachtoday.co.uk)
Also: Another Ivanti Zero-Day? And FBI Calls for Strengthening DMARC Policies. This week, REvil hacker sentenced; ZDI saw possible Ivanti zero-day; FBI said to strengthen DMARC policies; Okta saw surge in credential stuffing attacks; French hospital refused to pay ransom; JPMorgan…

2 May Critical Flaw in R Language Poses Supply Chain Risk (databreachtoday.co.uk)
Deserialization Vulnerability Allows for Remote Code Execution. A high-risk flaw in the R statistics programming language could lead to a supply chain hack, warn security researchers who say they uncovered a deserialization flaw. Security researchers have long known that hackers sneak…
📋 SECURITY BULLETINS (2 items)

2 May Attention all Windows Users! The Microsoft April Security Update Could Break Your VPN (gbhackers.com)
In a recent development that has caught the attention of IT administrators and users alike, Microsoft has acknowledged a significant issue affecting VPN connections on Windows devices. This problem has emerged following the installation of the April 2024 security update, impactin…

2 May The UK Bans Default Passwords (schneier.com)
The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product…
📢 SECURITY ADVISORIES (5 items)

2 May Russian Hackers Actively Attacking Small-scale Infrastructure Sectors (gbhackers.com)
Russian hacktivists increasingly target small-scale operational technology (OT) systems across North America and Europe. These attacks, primarily focused on the Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture sectors, pose significant threats to critica…

2 May NCSC's New Mobile Risk Model Aimed at "High-Threat" Firms (infosecurity-magazine.com)
The initiative is designed to mitigate the threat of consumer-grade devices being targeted by commercial spyware, potentially enabling sophisticated threat actors to use these as a stepping stone into back-end corporate systems and data.

2 May Japan's Kishida Unveils a Framework for Global Regulation of Generative AI (securityweek.com)
Japan's Prime Minister unveiled an international framework for regulation and use of generative AI, adding to global efforts on governance for the rapidly advancing technology.

2 May CISA urges software devs to weed out path traversal vulnerabilities (bleepingcomputer.com)
CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping. [...]

2 May Your Google Account allows you to create passkeys on your phone, computer and security keys (security.googleblog.com)
Sriram Karra and Christiaan Brand, Google product managers. Last year, Google launched passkey support for Google Accounts. Passkeys are a new industry standard that gives users an easy, highly secure way to sign in to apps and websites. Today, we announced that passkeys have been …
🔥 INCIDENT REPORTING (19 items)

2 May Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says (securityweek.com)
UnitedHealth CEO Andrew Witty said in a U.S. Senate hearing that his company is still trying to understand why the server did not have the additional protection.

2 May REvil Ransomware Affiliate Sentenced for 13 Years in Prison (gbhackers.com)
A Ukrainian national, Yaroslav Vasinskyi, has been sentenced to 13 years and seven months in prison. Vasinskyi, known in the cyber underworld as Rabotnik, was also ordered to pay over $16 million in restitution for his role in orchestrating more than 2,500 ransomware attacks worl…

2 May Dropbox Data Breach Impacts Customer Information (securityweek.com)
Dropbox says hackers breached its Sign production environment and accessed customer email addresses and hashed passwords.

2 May Threat Actors Attacking MS-SQL Servers to Deploy Ransomware (gbhackers.com)
Cybersecurity experts have uncovered a series of sophisticated cyberattacks targeting poorly managed Microsoft SQL (MS-SQL) servers. The attackers, identified as the TargetCompany ransomware group, have been deploying the Mallox ransomware in a bid to encrypt systems and extort v…

2 May US Warns of Russian Hackers Targeting Operational Technology in Water Systems (nextgov.com)
The alert says that water operators are employing poor security standards that have allowed the hackers to breach their networks, including the use of default passwords that are included when the water system management tools are first installed.

2 May Dropbox Sees Breach of Legally Binding E-Signature Service (databreachtoday.co.uk)
All Dropbox Sign Users' Emails Stolen, Plus Some MFA and OAuth Tokens, API Keys. Dropbox said hackers breached its infrastructure and stole swaths of customer data for its legally binding electronic signature service, Dropbox Sign, including names, emails, hashed passwords and aut…

2 May AI is Creating a New Generation of Cyberattacks (helpnetsecurity.com)
Most businesses see offensive AI fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks, according to Netacea.

2 May LockBit, Black Basta, Play Dominate Ransomware in Q1 2024 (infosecurity-magazine.com)
LockBit, Black Basta, and Play have been observed to be the most active ransomware groups in Q1 2024, with Black Basta experiencing a notable 41% increase in activity, according to a report by ReliaQuest.

2 May 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element (helpnetsecurity.com)
https://www.helpnetsecurity.com/2024/05/02/verizon-2024-data-breach-investigations-report-dbir/

2 May Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)
A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims. Yaroslav Vasinskyi (aka Rabotnik), 24, along with his co-conspirators part of th…

2 May Hackers Claiming Breach of UAE Government Servers (gbhackers.com)
A group of hackers has claimed responsibility for infiltrating several servers belonging to the United Arab Emirates government. The announcement was made through a tweet, which has sparked widespread concern and discussions about cybersecurity measures within government infrastr…

2 May REvil hacker behind Kaseya ransomware attack gets 13 years in prison (bleepingcomputer.com)
Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation. [...]

2 May GoldDigger Malware Using Deep Fake AI Photos To Hijack Bank Accounts (gbhackers.com)
Hackers use deep fake AI photos to impersonate individuals online, allowing them to deceive, manipulate, or gain unauthorized access to sensitive information or systems. Cybersecurity researchers at InfoBlox recently discovered GoldFamily, an evolved GoldDigger trojan targe…

2 May Dropbox Sign e-signature service hacked | Kaspersky official blog (kaspersky.com)
How Dropbox Sign was hacked, what data was leaked during the attack, and what users should do to protect themselves from the consequences of the hack.

2 May Ransomware Defense Startup Mimic Raises Hefty $27M Seed Round (securityweek.com)
A new Silicon Valley startup called Mimic is coming out of the shadows with a hefty $27 million seed-stage funding round led by Ballistic Ventures.

2 May Analysis Shows 2023 to be "Worst Year for Phishing on Record" (knowbe4.com)
Newly-released data highlights our worst fears about the prevalence of phishing, and some glimmer of hope that the good guys may be winning the fight.

2 May Rehab Hospital Chain Hack Affects 101,000; Facing 6 Lawsuits (databreachtoday.co.uk)
At Least 33 Ernest Health Facilities in 12 States Are Reporting Breaches. A Texas-based operator of rehabilitation hospitals is facing multiple federal proposed class action lawsuits in the wake of an apparent ransomware attack that affected dozens of its facilities in several sta…
🕵️ THREAT INTELLIGENCE (24 items)

2 May Deepfake of Principal's Voice Is the Latest Case of AI Being Used for Harm (securityweek.com)
Everyone, not just politicians and celebrities, should be concerned about this increasingly powerful deep-fake technology, experts say.

2 May ISC Stormcast For Thursday, May 2nd, 2024 https://isc.sans.edu/podcastdetail/8964, (Thu, May 2nd) (isc.sans.edu)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

2 May USB Malware Attacks Targeting Industrial Systems Adapts LOL Tactics (gbhackers.com)
Honeywell's 2024 GARD USB Threat Report analyzes malware discovered on USB devices used in industrial settings, highlighting a significant increase in malware prevalence, with a 33% rise in detections compared to the prior year. The malware poses a serious threat to o…

2 May Iranian Hackers Impersonate Journalists in Social Engineering Campaign (cyberscoop.com)
A hacking group linked to the intelligence wing of Iran's Revolutionary Guard Corps impersonated journalists and human rights activists as part of a social engineering campaign, according to research released Wednesday by Mandiant and Google Cloud.

2 May Digital fraud detection startup BioCatch hits $1.3B valuation as Permira buys majority stake (techcrunch.com)
Digital fraud detection company BioCatch has a new majority shareholder in the form of U.K. private equity firm Permira.

2 May Prisma SASE 3.0: Securing Work Where It Happens (paloaltonetworks.com)
Prisma SASE 3.0 is a quantum leap for SASE, designed to not only solve today's work security challenges, but tomorrow's as well.

2 May The AWS S3 Denial of Wallet Amplification Attack (limbus-medtec.com)
https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d

2 May Russian Hackers Target Industrial Systems in North America, Europe (securityweek.com)
Government agencies are sharing recommendations following attacks claimed by pro-Russian hacktivists on ICS/OT systems.

2 May 'Cuttlefish' Zero-Click Malware Steals Private Cloud Data (darkreading.com)
https://www.darkreading.com/cloud-security/cuttlefish-zero-click-malware-steals-private-cloud-data

2 May News alert: LayerX Security raises $24M Series A funding for its 'enterprise browser' security platform (lastwatchdog.com)
Tel Aviv, Israel, May 2, 2024, CyberNewsWire: LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies …

2 May Network Security Firm Corelight Raises $150 Million (securityweek.com)
Network detection and response (NDR) provider Corelight has raised $150 million in a Series D funding round led by Accel.

2 May Cuttlefish 0-click Malware Hijacks Routers & Captures Data (gbhackers.com)
Cuttlefish is a new malware platform that has been identified to be active since at least July 2023. This malware platform specifically targets networking equipment like enterprise-grade small office/home office routers. The latest campaign is discovered to be ongoing from Octobe…

2 May Kicking Off With Crypto - PSW #827 (youtube.com)
The Security Weekly crew discusses some of the latest articles and research in cryptography and some background relevant subtopics including the race against quantum computing, key management, creating your own crypto, selecting the right crypto and more! - https://www.globalsecu…

2 May LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere (gbhackers.com)
LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. Lior Litwak, Managing Partner at Glilo…

2 May Building the Right Vendor Ecosystem – a Guide to Making the Most of RSA Conference (securityweek.com)
As you look to navigate RSA Conference, with so many vendors, approaches and solutions, how do you know what solutions you should be investing in?

2 May AI Security Startup Apex Emerges From Stealth With Funding From OpenAI CEO (securityweek.com)
Israeli AI security firm Apex has received $7 million in seed funding for its detection, investigation, and response platform.

2 May Startup Dealflow: New Investments at Resonance, RunReveal, StepSecurity, Insane Cyber (securityweek.com)
Cybersecurity startups Insane Cyber, Resonance Security, RunReveal and StepSecurity announce pre-seed, early-stage, and seed funding rounds.

2 May Cryptohack Roundup: Geosyn Fraud Lawsuit (databreachtoday.co.uk)
Also: North Korea Money Laundering and South Korean Crypto Police. This week, SEC filed suit against Geosyn, prosecutors fought dismissed Tornado Cash charges, analyst tracked North Korean crypto laundering, European Parliament OK'd anti-money laundering law, FBI warned of unregis…

2 May Veracode CEO on Mastering Application Security in the AI Era (databreachtoday.co.uk)
New CEO Brian Roche on Application Management and the Role of AI in Managing Risk. New Veracode CEO Brian Roche discusses the importance of artificial intelligence in managing application risk, the integration of startup Longbow Security into Veracode's ecosystem, and the converge…

2 May Is RogerLovesTaco$24 a Strong Password? (knowbe4.com)
Is "RogerLovesTaco$24" a strong password? No! Everyone has a ton of passwords. They should be strong and unique for every site and service you use. Everyone knows this.

2 May Permira Takes Majority Stake in BioCatch at $1.3B Valuation (databreachtoday.co.uk)
Biometrics Stalwart Eyes M&A, Geographic Expansion With Private Equity Firm Backing. Permira has acquired a majority stake in BioCatch at a $1.3 billion valuation, solidifying the company's global expansion plans. The behavioral biometrics company is exploring mergers and acqu…

2 May Experts Say White House Memo Overlooks Space Cyber Risks (databreachtoday.co.uk)
Security Memo Update Opts Not to Include Space as Critical Infrastructure Sector. Space industry executives say they're feeling left out of a push to better national cybersecurity, calling a White House update on Tuesday to a memo organizing critical infrastructure efforts a misse…

2 May Microsoft introduces passkeys for consumer accounts (microsoft.com)
The best part about passkeys is that you'll never need to worry about creating, forgetting, or resetting passwords ever again. Read about Microsoft's new passkey support for consumer accounts.
🌐 CYBER THREAT LANDSCAPE (2 items)

2 May New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials (thehackernews.com)
A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gathering authentication data from HTTP GET and POST requests. "This malware is modular, …

2 May SafeBase Raises $33M in Series B to Accelerate Vision for Friction-Free Security Reviews (finance.yahoo.com)
Elisity, a leader in identity-based microsegmentation, has secured $37 million in Series B funding from Insight Partners to enhance its AI capabilities for cyber threat anticipation.
📡 INFOSEC NEWS (15 items)

2 May Corelight Gets $150M to Expand Detection, Improve Workflows (bankinfosecurity.com)
The latest investment will allow Corelight to deepen its relationship with existing partners, while extending its expertise from large enterprises and government entities to the enterprise sector.

2 May How Kaspersky stores passwords | Kaspersky official blog (kaspersky.com)
World Password Day: we explain how we protect your sensitive data, and share tips for creating mnemonic passwords.

2 May Cyber Startup Oasis Secures $35 Million Series A Extension, Doubles Valuation (calcalistech.com)
The extension round was led by existing investors Accel, Cyberstarts, and Sequoia Capital, along with private investors. Oasis has now raised a total of $75 million, including its seed round and previous Series A.

2 May Deepfakes and AI-Driven Disinformation Threaten Polls (trendmicro.com)
Cheap and easy access to AI makes it harder to detect state-sponsored and homegrown campaigns during this election year.

2 May Cybersecurity consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)
A former cybersecurity consultant was arrested for allegedly attempting to extort a publicly traded IT company by threatening to disclose confidential and proprietary data unless they paid him $1,500,000. [...]

2 May Microsoft won't fix Windows 0x80070643 errors, manual fix required (bleepingcomputer.com)
Microsoft has confirmed that it won't provide an automated fix for a known issue causing 0x80070643 errors when installing recent Windows Recovery Environment (WinRE) updates. [...]

2 May Finnish Psychotherapy Center Cyber-Blackmailer Gets Six Years (theregister.com)
The district court of Länsi-Uusimaa, Finland, sentenced Aleksanteri Kivimäki, 26, on Tuesday for crimes against the Vastaamo center and those in its care, which included more than 20,000 extortion attempts.

2 May Hackers Target New NATO Member Sweden with Surge of DDoS Attacks (infosecurity-magazine.com)
Sweden has faced a wave of distributed denial of service (DDoS) attacks since it started the process of joining NATO, according to network performance management provider Netscout.

2 May Protecting Model Updates in Privacy-Preserving Federated Learning: Part Two (nist.gov)
The problem: the previous post in our series discussed techniques for providing input privacy in PPFL systems where data is horizontally partitioned. This blog will focus on techniques for providing input privacy when data is vertically partitioned. As described in our third post…

2 May Google expands passkey support to its Advanced Protection Program ahead of the US presidential election (techcrunch.com)
Ahead of the U.S. presidential election, Google is bringing passkey support to its Advanced Protection Program (APP), which is used by people who are at high risk of targeted attacks, such as campaign workers, candidates, journalists, human rights workers, and more. APP tradition…

2 May Microsoft warns of "Dirty Stream" attack impacting Android apps (bleepingcomputer.com)
Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application's home directory, potentially leading to arbitrary code execution and secrets theft. [...]

2 May CEO who sold fake Cisco devices to US military gets 6 years in prison (bleepingcomputer.com)
Onur Aksoy, the CEO of a group of companies controlling multiple online storefronts, was sentenced to six and a half years in prison for selling $100 million worth of counterfeit Cisco network equipment to government, health, education, and military organizations worldwide. [...]

2 May Adding insult to injury: crypto recovery scams (welivesecurity.com)
Once your crypto has been stolen, it is extremely difficult to get back; be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over.