🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
3 MayFour Critical Vulnerabilities Expose HPE Aruba Devices to RCE AttacksHPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. Of the 10 security defects, four are rated critical in severity - CVE-2024-2630…THEHACKERNEWS.COM
3 MayNew “Goldoon” Botnet Hijacking D-Link Routers to Use for Other AttacksSecurity researchers at FortiGuard Labs discovered a new botnet in April that exploits a weakness in D-Link devices. Dubbed “Goldoon,” this botnet has been observed exploiting a nearly decade-old security flaw, CVE-2015-2051, to gain unauthorized control over affected…GBHACKERS.COM
3 May KEVCISA, FBI urge developers to patch path traversal bugs before shippingUS Cybersecurity Infrastructure and Security Agency (CISA) and the FBI have issued a joint advisory to developers, urging them to check for path traversal vulnerabilities before shipping a software. “Directory traversal or path traversal vulnerabilities remain a persistent class …CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 26[−]
3 MayPreparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complet…YOUTUBE.COM
3 MayLayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, AnywhereLayerX , pioneer of the LayerX Browser Security platform, today announced $26 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. Lior Litwak, Managing Partner at Glil…CSOONLINE.COM
3 MayChatGPT Writes Exploits - PSW #827ChatGPT writes exploits, banning default and weak passwords, forget vulnerabilities just get rid of malware, IR blasting for fun and not profit, creating fake people, shattered dreams and passkey, and removing chips. Visit https://www.securityweekly.com/psw for all the latest epi…YOUTUBE.COM
3 MayCisco IP Phone Vulnerability Let Attackers Trigger DoS AttackCisco has disclosed multiple vulnerabilities in its IP Phone firmware that could severely impact users by allowing unauthenticated, remote attackers to perform denial of service (DoS) attacks, gain unauthorized access, and view sensitive information. These vulnerabilities affect …GBHACKERS.COM
3 MayThreat Actors Renting Out Compromised Routers To Other CriminalsAPT actors and cybercriminals both exploit proxy anonymization layers and VPN nodes to mask their malicious activities, while Pawn Storm, a well-known APT group, infiltrated a cybercriminal botnet of compromised Ubiquiti EdgeRouters in 2022 and used it for espionage. The FB…GBHACKERS.COM
3 MayWhy Cloud Vulnerabilities Need CVEsCloud services have introduced new challenges for vulnerability management, as organizations no longer control the underlying infrastructure and must focus on configuration management rather than just patching.HELPNETSECURITY.COM
3 MayCyber Security Today, May 3, 2024 - North Korea exploits weak email DMARC settings, and the latest Verizon analysis of thousands of data breachesThis episode reports on warnings about threats from China, Russia and North Korea, the hack of Dropbox Sign's infrastructure, and moreCYBERSECURITYTODAY.LIBSYN.COM
3 MayNSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted SourcesThe U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by…THEHACKERNEWS.COM
3 MayMalware explained: How to prevent, detect and recover from itWhat is malware? Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information. In other words, software is identified as malware based on its inte…CSOONLINE.COM
3 MayHorizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities FasterSaaS-based, AI-assisted penetration service allows proactive defensive action against exploitation of new vulnerabilities. The post Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster appeared first on SecurityWeek .SECURITYWEEK.COM
3 MayMicrosoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android AppsMicrosoft has uncovered a new type of attack called Dirty Stream that impacted Android apps with billions of installations. The post Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps appeared first on SecurityWeek .SECURITYWEEK.COM
3 MayMicrosoft continues to add, shuffle security execs in the wake of security incidentsMicrosoft has added new chief information security officers (CISOs) to product teams and appointed a new deputy CISO to liaise with customers. The moves are part of an ongoing attempt to revamp the company’s approach to security in the wake of a high-profile attack that breached …CSOONLINE.COM
3 May68% of Data Breach Occurs Due to Social Engineering AttacksIn the latest edition of Verizon’s Data Breach Investigations Report (DBIR) for 2024, a concerning trend has been highlighted, a significant 68% of data breaches are now occurring due to social engineering attacks. This revelation underscores the increasing sophistication a…GBHACKERS.COM
3 MayHackers Exploit Microsoft Graph API For C&C CommunicationsAn emerging threat leverages Microsoft’s Graph API to facilitate command-and-control (C&C) communications through Microsoft cloud services. Recently, security analysts at Symantec discovered a previously undocumented malware called BirdyClient or OneDriveBirdyClie…GBHACKERS.COM
3 MayApacheMQ Authentication Flaw Let Unauthorized Users Perform Multiple ActionsApache ActiveMQ is a Java based communication management tool for communicating with multiple components in a server. It is an open-source widely used messaging service that can be used to send messages between two or more applications. However, Apache ActiveMQ has been discovere…GBHACKERS.COM
3 MayMal.Metrica Malware Hijacks 17,000+ WordPress SitesInfected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past CAPTCHA challenges. Clicking initiates a malicious redirect, exposing users to scams or malware exploiting user familiarity with …GBHACKERS.COM
3 MayreNgine: Open-Source Automated Reconnaissance Framework for Web ApplicationsDeveloped to address limitations in existing tools, reNgine is beneficial for bug bounty hunters, penetration testers, and corporate security teams by automating and enhancing their information collection processes.HELPNETSECURITY.COM
3 MayUS Says North Korean Hackers Exploiting Weak DMARC SettingsThe US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks. The post US Says North Korean Hackers Exploiting Weak DMARC Settings appeared first on SecurityWeek .SECURITYWEEK.COM
3 MayRussian GRU Hackers Compromised German, Czech TargetsAPT28 Used Microsoft Outlook Zero-Day, Governments Said The German and Czech governments on Friday disclosed that Russian military intelligence hackers targeted political parties and critical infrastructure as part of an espionage campaign that began last year. "The EU will not t…DATABREACHTODAY.CO.UK
3 MayNorth Korean Hackers Spoofing Journalist Emails to Spy on ExpertsNorth Korean threat actors, specifically the Kimsuky group, are exploiting weakly configured DMARC protocols to spoof the email addresses of legitimate journalists, academics, and other experts in East Asian affairs.INFOSECURITY-MAGAZINE.COM
3 MayVerizon: The Percentage of Users Clicking Phishing Emails is Still RisingThe long-awaited annual Verizon Data Breach Investigations Report is out, and it’s made very clear that users continue to be a problem in phishing attacks.KNOWBE4.COM
3 MayUncharmed: Untangling Iran's APT42 Operationssubmitted by kid to cybersecurity 1 points | 0 comments https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations APT42, an Iranian cyber espionage group believed to be sponsored by the state and operating under the Islamic Revolutionary Guard Corp…CLOUD.GOOGLE.COM
3 May“Dirty Stream” Attack Affects Popular Android AppsA vulnerability in popular Android apps like Xiaomi File Manager and WPS Office could allow malicious apps to overwrite files in the vulnerable app's home directory, potentially leading to code execution and unauthorized access to user data.MICROSOFT.COM
3 MayNSA warns of North Korean hackers exploiting weak DMARC email policiesThe NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. [...]BLEEPINGCOMPUTER.COM
3 MayMY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’SAN FRANCISCO — On the eve of what promises to be a news-packed RSA Conference 2024 , opening here on Monday, Microsoft is putting its money where its mouth is. Related: Shedding light on LLM vulnerabilities More precisely the software … (more…)LASTWATCHDOG.COM
3 MayNew Botnet 'Goldoon' Targets D-Link DevicesFortiGuard Labs Identifies Botnet Exploiting Decade-Old D-Link Vulnerability Hackers are taking advantage of D-Link home routers left unpatched for a decade and turning them into a newly formed botnet researchers dubbed "Goldoon." The vulnerability allows attackers to execute arb…DATABREACHTODAY.CO.UK
📢 SECURITY ADVISORIES 4[−]
3 MayU.S. Govt Warns of Massive Social Engineering Attack from North Korean HackersThe United States government has issued a stark warning about a new wave of social engineering attacks orchestrated by North Korean hackers. The Department of State, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have jointly released a Cybersec…GBHACKERS.COM
3 MayCISA, FBI Urge Organizations to Eliminate Path Traversal VulnerabilitiesCISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure. The post CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
3 MayRegulating AI: 'It's Going to Be a Madhouse'Information Security Media group CTO and CISO Dan Grosu discusses the challenges of realistically implementing the directives in President Joe Biden's executive order on artificial intelligence. Hint: He thinks it's going to be "a madhouse" if enterprises don't get more educated …DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 11[−]
3 MayWeekly Update 398Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, …TROYHUNT.COM
3 MayRansomware Rising Despite Takedowns, Says Corvus ReportIn its latest ransomware report, Ransomware Groups Don’t Die, They Multiply, published on April 30, the cyber insurance firm Corvus found that ransomware activity increased by 21% in the first quarter of 2024 compared to the same period in 2023.INFOSECURITY-MAGAZINE.COM
3 MayUkrainian REvil Ransomware Affiliate Gets 13 Years in US PrisonYaroslav Vasinskyi was sentenced to 13 years and seven months in prison for his alleged role in the REvil ransomware operation. The post Ukrainian REvil Ransomware Affiliate Gets 13 Years in US Prison appeared first on SecurityWeek .SECURITYWEEK.COM
3 MayLawsuits and Company Devaluations Await For Breached FirmsA new report from Netwrix has laid bare the significant financial and reputational costs stemming from serious cyber-attacks, including what are often unplanned expenses.INFOSECURITY-MAGAZINE.COM
3 MayCybercriminals and Nation-State Actors Found Sharing Compromised NetworksNation-state threat actors like Sandworm used their own dedicated proxy botnets, while APT group Pawn Storm had access to a criminal proxy botnet of Ubiquiti EdgeRouters.TRENDMICRO.COM
3 MayREvil Ransomware Affiliate Sentenced to Over 13 Years in PrisonYaroslav Vasinskyi, a 24-year-old Ukrainian national and affiliate of the notorious REvil ransomware-as-a-service (RaaS) group, has been sentenced to 13 years and 7 months in prison by a US court.INFOSECURITY-MAGAZINE.COM
3 MayUnitedHealth data breach should be a wakeup call for the UK and NHSThe ransomware attack that has engulfed U.S. health insurance giant UnitedHealth Group and its tech subsidiary Change Healthcare is a data privacy nightmare for millions of U.S. patients, with CEO Andrew Witty confirming this week that it may impact as much as one-third of the co…TECHCRUNCH.COM
3 MayNATO and EU condemn Russia's cyberattacks against Germany, CzechiaNATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. [...]BLEEPINGCOMPUTER.COM
3 MayGermany warns of consequences for alleged Russian cyber attacksubmitted by kid to cybersecurity 3 points | 0 comments https://www.reuters.com/technology/cybersecurity/germany-warns-consequences-alleged-russian-cyber-attack-2024-05-03/REUTERS.COM
3 MayISMG Editors: RSA Conference 2024 PreviewAlso: Insights From Verizon's Data Breach Investigations Report; Investment Trends In the latest weekly update, ISMG editors discussed what the thousands of attendees at RSA Conference 2024 can expect this year, key insights from Verizon's Data Breach Investigations Report, and h…DATABREACHTODAY.CO.UK
3 MayPay up, or else? – Week in security with Tony AnscombeOrganizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or notWELIVESECURITY.COM
🕵️ THREAT INTELLIGENCE 27[−]
3 MayIsraeli private eye arrested in London over alleged hacking for US firmsubmitted by jorge to cybersecurity 2 points | 0 comments https://www.reuters.com/world/israeli-private-eye-arrested-uk-over-alleged-hacking-us-pr-firm-2024-05-02/ LONDON, May 2 (Reuters) - An Israeli private investigator wanted by the United States was arrested in London over al…REUTERS.COM
3 MayISC Stormcast For Friday, May 3rd, 2024 https://isc.sans.edu/podcastdetail/8966, (Fri, May 3rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
3 MayHow well can an employer be certain of a remote employee's geographical location?submitted by maegul to cybersecurity 1 points | 0 comments FWIW, this isn’t to do with me personally at all, I’m not looking to do anything dodgy here, but this came up as a theoretical question about remote work and geographical security, and I realised I didn’t know enough abou…INFOSEC.PUB
3 MayGUEST ESSAY: A primer on how, why ‘dynamic baselining’ fosters accurate DDoS protectionBusinesses today need protection from increasingly frequent and sophisticated DDoS attacks . Service providers, data center operators, and enterprises delivering critical infrastructure all face risks from attacks. Related: The care and feeding of DDoS defenses But to protect the…LASTWATCHDOG.COM
3 MayRSAC Fireside Chat: The necessary care and feeding of DDoS detection and protection systemsAt the start, Distributed Denial of Service (DDoS) attacks were often motivated by bragging rights or mischief. Related: The role of ‘dynamic baselining’ DDoS attack methodology and defensive measures have advanced steadily since then. Today, DDoS campaigns are launch…LASTWATCHDOG.COM
3 MayWhite House Issues National Security Memorandum for Critical InfrastructureThe White House has published a national security memorandum focusing on critical infrastructure security and resilience. The post White House Issues National Security Memorandum for Critical Infrastructure appeared first on SecurityWeek .SECURITYWEEK.COM
3 MayRare Interviews with Enigma Cryptanalyst Marian RejewskiThe Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography .SCHNEIER.COM
3 MayMicrosoft Graph API Emerges as a Top Attacker Tool to Plot Data Theftsubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cloud-security/microsoft-graph-api-emerges-as-top-attacker-tool-to-plot-data-theftDARKREADING.COM
3 MayHackers Target New NATO Member Sweden with Surge of DDoS Attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/nato-sweden-surge-ddos-attacks/INFOSECURITY-MAGAZINE.COM
3 MayDPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warnsubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cloud-security/dprks-kimsuky-apt-abuses-weak-dmarc-policies-feds-warnDARKREADING.COM
3 MayAI-Driven Phishing Attacks Deceive Even the Most Aware UsersBy automating and personalizing various aspects of the attack process, such as crafting convincing emails and creating realistic phishing pages, threat actors can deceive even the most aware users.HELPNETSECURITY.COM
3 MayWhat we can learn from the best collegiate cyber defendersThis year marked the 19th season of the National Collegiate Cyber Defense Competition (NCCDC). For those unfamiliar, CCDC is a competition that puts student teams in charge of managing IT for a fictitious company as the network is undergoing a fundamental transformation. This yea…SECURITYINTELLIGENCE.COM
3 MayBotnet Disrupted by FBI Still Used by Russian Spies, CybercriminalsA botnet dismantled in January and used by Russia-linked APT28 consisted of more than just Ubiquiti Edge OS routers. The post Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals appeared first on SecurityWeek .SECURITYWEEK.COM
3 MayArcaneDoor Espionage Campaign Targeting Cisco Firewalls Linked to ChinaAn analysis of IoCs suggests that a Chinese threat group may be behind the recent ArcaneDoor espionage campaign targeting Cisco firewalls. The post ArcaneDoor Espionage Campaign Targeting Cisco Firewalls Linked to China appeared first on SecurityWeek .SECURITYWEEK.COM
3 MayHackers Increasingly Abusing Microsoft Graph API for Stealthy Malware CommunicationsThreat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud serv…THEHACKERNEWS.COM
3 MayIn Other News: Locked Shields 2024, Data Exposure Bugs, NVIDIA PatchesNoteworthy stories that might have slipped under the radar: 4,000 take part in Locked Shields 2024 exercise, Qantas and JP Morgan hit by data exposure bugs, NVIDIA patches critical flaw. The post In Other News: Locked Shields 2024, Data Exposure Bugs, NVIDIA Patches appeared firs…SECURITYWEEK.COM
3 MayLayerX Raises $26 Million for Browser Security PlatformIsraeli startup LayerX Security banks $25 million in new financing as investors continue to pour money into secure web browsing technologies. The post LayerX Raises $26 Million for Browser Security Platform appeared first on SecurityWeek .SECURITYWEEK.COM
3 MayRSA Conference, Verizon DBIR, funding, reports, partnerships and more - ESW #360It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also pu…YOUTUBE.COM
3 MayGoogle rolls back reCaptcha update to fix Firefox issuesGoogle has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. [...]BLEEPINGCOMPUTER.COM
3 MayMy TED TalksI have spoken at several TED conferences over the years. TEDxPSU 2010: “ Reconceptualizing Security ” TEDxCambridge 2013: “ The Battle for Power on the Internet ” TEDMed 2016: “ Who Controls Your Medical Data ?” I’m putting this here beca…SCHNEIER.COM
3 MayMicrosoft Overhauls Cybersecurity Strategy After Scathing CSRB ReportMicrosoft security chief Charlie Bell pledges significant reforms and a strategic shift to prioritize security above all other product features. The post Microsoft Overhauls Cybersecurity Strategy After Scathing CSRB Report appeared first on SecurityWeek .SECURITYWEEK.COM
3 MayProtecting Your Digital Footprint: The Dangers of Sharing Too Much on Social MediaFor most folks, social media has become integral to their daily lives in today's hyperconnected world. They use platforms like Facebook, Twitter and Instagram to share their thoughts, experiences and personal moments with friends and family.KNOWBE4.COM
3 MayWeird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-383YOUTUBE.COM
3 MayFriday Squid Blogging: Squid PursesSquid-shaped purses for sale. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here .SCHNEIER.COM
3 MayHow Intel 471's Buy of Cyborg Is Reshaping Threat HuntingWhy Customers Benefit From Bringing Threat Hunting and Threat Intelligence Together Intel 471 bought a threat hunting startup led by a Raytheon and Swimlane leader to help clients more effectively address complex cyberthreats. Buying Cyborg Security will bring threat hunting and …DATABREACHTODAY.CO.UK
3 MayNew Report Exposes Iranian Hacking Group's Media MasqueradeMandiant Says APT42 Members Have Been Posing as Journalists to Steal Troves of Data Members of the Iranian state hacking group APT42 have been observed posing as journalists from credible news outlets and well-known research institutions as part of a global effort to harvest cred…DATABREACHTODAY.CO.UK
3 MaySecurity above all else—expanding Microsoft’s Secure Future InitiativeMicrosoft is expanding the scope of the Secure Future Initiative to adapt to the evolving cyberthreat landscape. Read about the principles and pillars driving this initiative. The post Security above all else—expanding Microsoft’s Secure Future Initiative appeared first on Micros…MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 6[−]
3 MayMal.Metrica Redirects Users to Scam SitesMal.Metrica is a significant malware campaign targeting vulnerabilities in popular WordPress plugins. It injects external scripts using domain names resembling legitimate services to redirect users to malicious sites.SUCURI.NET
3 MayInvestigation Uncovers Substantial Spyware Exports to IndonesiaAn investigation by Amnesty International's Security Lab revealed that Indonesia has been procuring powerful and invasive commercial spyware and surveillance products from international vendors, brokers, and resellers.THERECORD.MEDIA
3 MayExpert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight BackIn today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its onl…THEHACKERNEWS.COM
3 MayLive Webinar | Protecting Your Pipeline: Strategies to Thwart Supply Chain AttacksDATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 19[−]
3 MayGoogle Announces Passkeys Adopted by Over 400 Million AccountsGoogle on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years. "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pi…THEHACKERNEWS.COM
3 MayNASA Doesn’t Know if Its Spacecraft Have Adequate Cyber Defenses, GAO WarnsNASA has been cautioned by the Government Accountability Office (GAO) for not having mandatory security guidance in place for its spacecraft acquisition policies and standards.NEXTGOV.COM
3 MayWatch Out for Tech Support Scams Lurking in Sponsored Search ResultsScammers often impersonate reputable companies like CNN and Amazon, leading users to malicious sites. Victims are urged to call fake tech support numbers, leading to costly scams.MALWAREBYTES.COM
3 MayAttack Report: Custom QR Code Phishing TemplatesHackers are using custom QR code templates that are personalized for each target organization, making the attacks appear more legitimate and increasing their chances of success.AVANAN.COM
3 MayEssential Steps for Zero-Trust Strategy ImplementationAccording to Gartner, 63% of organizations worldwide have fully or partially implemented a zero-trust strategy. For 78% of organizations implementing a zero-trust strategy, this investment represents less than 25% of the overall cybersecurity budget.HELPNETSECURITY.COM
3 MayUS Charges 16 Over ‘Depraved’ Grandparent ScamsThe scam involved call center workers impersonating the victims' relatives, claiming they were in legal trouble or had been in an accident, and convincing the victims to send thousands of dollars to help them.THEREGISTER.COM
3 MayNew Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate DataSaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since th…THEHACKERNEWS.COM
3 MayCybersecurity Consultant Arrested After Allegedly Extorting IT FirmVincent Cannady, a former cybersecurity consultant, was arrested for allegedly extorting a publicly traded IT company by threatening to disclose confidential data unless they paid him $1.5 million.BLEEPINGCOMPUTER.COM
3 MayEuropol Op Shutters 12 Scam Call Centers And Cuffs 21 Suspected FraudstersPACKETSTORMSECURITY.COM
3 MayDeepKeep Secures $10M in Seed Funding to Boost GenAI Protection EndeavorsFounded in 2021 by Rony Ohayon, DeepKeep specializes in AI-Native Trust, Risk, and Security Management (TRiSM). The platform caters to large corporations reliant on AI, GenAI, and LLM technologies for risk management and growth protection.MEDIUM.COM
3 MayMicrosoft rolls out passkey auth for personal Microsoft accountsMicrosoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. [...]BLEEPINGCOMPUTER.COM
3 MayMore Than Two Dozen Android Vulnerabilities FixedXiaomi resolved 20 flaws, ensuring user safety by fixing issues like arbitrary access to system components and data leaks. Google also fixed six vulnerabilities, including geolocation access through the camera and arbitrary file access.THEREGISTER.COM
3 MayThe Intelligent SOC: Fusion Methodology at the Intersection of Intelligence, Context, and Action in Modern EnterprisesDATABREACHTODAY.CO.UK
3 MayWeb Trackers Persist in Healthcare Despite Privacy RisksWhile fewer healthcare websites appear to be using online trackers now than a year ago, nearly 1 in 3 firms are still using Meta Pixel and similar tech tools despite warnings from regulators and a rise in class action litigation alleging privacy violations, said Ian Cohen, CEO of…DATABREACHTODAY.CO.UK
3 MayAndroid bug can leak DNS traffic with VPN kill switch enabledA Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. [...]BLEEPINGCOMPUTER.COM
3 MayAndroid bug leaks DNS queries even when VPN kill switch is enabledA Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. [...]BLEEPINGCOMPUTER.COM