– Forces Penpals, a social network for US and UK military personnel, exposed the sensitive data of 1.1M users,… – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
– [[{“value”:” A bill that would require federal contractors to implement vulnerability disclosure policies that comply with National Institute of Standards and Technology guidelines cleared a key Senate panel Wednesday, setting the bipartisan legislation up for a vote before the full chamber. The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024 (S. 5028) from Sens. Mark Warner, D-Va., and James...
[[{“value”:” Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise attributed to data extortion group, BianLian. The advisory, originally published May 2023, has been updated with additional TTPs obtained through FBI and...
[[{“value”:” Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: iOS 18.1.1 and iPadOS 18.1.1 macOS Sequoia 15.1.1 iOS 17.7.2 and iPadOS 17.7.2 visionOS 2.1.1 Safari 18.1.1 “}]] –...
– Sophos MDR has observed a new campaign that uses targeted phishing to entice the target to download a legitimate remote machine management tool to dump credentials. We believe with moderate confidence that this activity, which we track as STAC 1171, is related to an Iranian threat actor commonly referred to as MuddyWater or TA450. Earlier […] – Read More ...
Five LPE flaws in Ubuntu’s needrestart utility enable attackers to gain root access in versions prior to 3.8 – Read More –
60% of QR code emails are spam according findings from Cisco Talos, who also identified attackers using QR code art to bypass security filters – Read More –
[[{“value”:” CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant...
[[{“value”:” The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services. Organizations are strongly encouraged...
[[{“value”:” Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards. USDA turned to Fast IDentity Online (FIDO) capabilities,...
– Dubai, United Arab Emirates, 20th November 2024, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
– Aqua Nautilus’ research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams.… – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
– Bitcoin is a pioneer in technological advancement and decentralization. As its creator states in the white paper, peer-to-peer… – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
– [[{“value”:”Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim’s funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relaying NFC traffic. “Criminals can now misuse Google Pay...
CrowdStrike unveiled a new Chinese-aligned hacking group allegedly spying on telecom providers – Read More –
– Cybersecurity firm Sekoia has discovered a new variant of Helldown ransomware. The article details their tactics and how… – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
– [[{“value”:”Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech giant said, is to avoid incidents like that of CrowdStrike’s earlier this July, enable more apps and users to be run without admin privileges, add controls surrounding the use...
– [[{“value”:” 2024 Cyber Resilience Research Unveils US SLED Sector Challenges New data illuminates how US SLED leaders can prioritize resilience. US SLED (State, Local, and Higher Education) organizations find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to US SLED...
Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks – Read More –
– The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take – Read More – The Hacker News
OWASP has updated its Top 10 list of risks for LLMs and GenAI, upgrading several areas and introducing new categories – Read More –
Aqua Security has observed threat actors using compromised Jupyter servers in a bid to illegally stream sporting events – Read More –
Entrust claims deepfakes are driving a surge in digital identity fraud – Read More –
– [[{“value”:”Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that”}]] – Read...
Ransomware groups are targeting weekends and holidays to exploit understaffed security teams in order to get the best chance of a pay day – Read More –
– [[{“value”:” Two-Factor Authentication (2FA) is a security process that adds an additional layer of protection to your accounts by requiring two different types of credentials to verify your identity before granting access. It ensures that even if one of the factors (like your password) is compromised, unauthorised access is still prevented because the attacker would need […] The post...
– [[{“value”:” The Rising Threat of Social Media Hackers Social media platforms are an integral part of daily life, but they are also prime targets for hackers. With billions of users worldwide, these platforms store personal information that is highly valuable to cybercriminals. Understanding how social media hackers operate and learning how to protect your accounts is […] The post...
– [[{“value”:”A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications”}]] – Read More ...
– [[{“value”:”Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. “This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network”}]] – Read More – The...
– [[{“value”:”Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below – CVE-2024-44308 – A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content CVE-2024-44309 – A cookie management vulnerability...
– [[{“value”:” The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company....
– [[{“value”:” A top senator on Tuesday urged the Federal Communications Commission to begin writing rules that would create mandatory security standards for wiretapping systems embedded in the networks of telecommunications carriers. The suggestion to act immediately from Sen. Richard Blumenthal, D-Conn., comes in response to Chinese hackers known as Salt Typhoon, targeting the phones of both 2024 presidential campaigns...
– [[{“value”:” Microsoft has announced the launch of Zero Day Quest, a significant expansion of its bug bounty programs, focused on uncovering high-impact security vulnerabilities in cloud and AI technologies. Under the program, Microsoft will double the bounty rewards for eligible AI vulnerabilities from Nov. 19, 2024, to Jan. 19, 2025, and give researchers direct access to the company’s dedicated...
– [[{“value”:” An interagency federal council charged with securing the government’s IT supply chain would get stronger oversight powers under new legislation from a bipartisan pair of Senate lawmakers. The Federal Acquisition Security Council Improvement Act from Sens. Gary Peters, D-Mich., and Mike Rounds, R-S.D., is aimed at better combatting security threats posed by technology products made by companies with...
– [[{“value”:” House Republicans and representatives from the rail and pipeline industries criticized what they say are overly onerous security regulations during a Tuesday hearing that could be a preview of how cyber rules are handled in the Trump administration. The House Homeland Security Subcommittee on Transportation and Maritime Security hearing focused on the business impact of Transportation Security Administration...
– Russian national Evgenii Ptitsyn, linked to Phobos ransomware, faces U.S. charges for extortion and hacking, with over $16M… – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
Easterly and her Deputy Director Nitin Natarajan are expected to leave office before President-elect Trump names a new leadership – Read More –
T-Mobile was hit by Salt Typhoon, a Chinese cyber-espionage group targeting US and global telecom firms – Read More –
– [[{“value”:” For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head units have been selected as targets. One of these is the double DIN Kenwood DMX958XR. This unit offers a variety of functionality, such as wired and wireless Android Auto and Apple CarPlay, as well as USB media playback, wireless mirroring, and more. This blog...
Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data – Read More –
– [[{“value”:”In episode 25 of The AI Fix, humanity creates a satellite called Skynet and then loses it, Graham folds proteins in the comfort of his living room, a Florida man gets a robot dog, Grok rats on its own boss, and a podcast host discovers Brazil nuts. Graham meets an elderly grandmother who’s taking on the AI scammers, our...
Palo Alto advised users to patch urgently as the vulnerability is critical and actively exploited in the wild – Read More –
[[{“value”:” View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Improper Validation of Specified Type of Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in Ethernet communication on the module. A system reset of the module...
[[{“value”:” View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MSM Vulnerabilities: Missing Release of Resource after Effective Lifetime, Loop with Unreachable Exit Condition (‘Infinite Loop’) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to impact the confidentiality, integrity or availability of the MSM. 3. TECHNICAL DETAILS 3.1...
[[{“value”:” CISA released one Industrial Control Systems (ICS) advisory on November 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-324-01 Mitsubishi Electric MELSEC iQ-F Series CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. “}]] – Read More – All CISA Advisories
– [[{“value”:” Whether it’s for espionage purposes or financially motivated cybercrime, proxy services are a common tool in the attacker toolbox. Often used to disguise the true origin or location of malicious activity, proxies can be lucrative for malicious actors, who create them via a botnet and sell access in order for others to run their schemes, which can range...
– [[{“value”:” Amid threats of state-backed APTs turning the geopolitical tide by diving into sensitive networks, some hackers are looking to use misconfigured Jupyter notebook servers to watch UEFA Champions League soccer, according to a new report from Aqua Security. Researchers at the cloud security company said in a report released Tuesday that hackers were drawn to the misconfigured JupyterLab...
– [[{“value”:”Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared with The”}]] –...
– [[{“value”:”The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. “At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices,” the...
– Protect traveler data with these tips: use VPNs, manage app permissions, and secure travel documents. Travel companies should… – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
