Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. POP3 (Post…
Category: EN
US Confirms Russian GenAI Disinformation Op Targeted Election
The US government has sanctioned Russian state-affiliated entity CGE, which used a vast GenAI infrastructure to spread disinformation during the US Presidential election This article has been indexed from www.infosecurity-magazine.com Read the original article: US Confirms Russian GenAI Disinformation Op…
Configurations Mega Blog: Why Configurations Are the Wrong Thing to Get Wrong
So many times, we look beyond the mark. With our feeds constantly inundated with headline-grabbing news about AI-generated threats, nation states upping their cybercrime game, and sophisticated new forms of malware, we can be tempted to think that the bulk…
GLAMIRA – 999,999 breached accounts
In late 2023, the online jewellery store GLAMIRA suffered a data breach they attributed to "an unauthorised individual [who] briefly accessed one of our servers". The data was subsequently published on a popular hacking forum and included 875k email addresses,…
The Critical Risk of Using Dummy Email Domains in Payment Gateways
During our recent security assessments across multiple clients, we discovered a concerning pattern: many companies are unknowingly exposing their customers’ sensitive payment information through a simple yet critical misconfiguration in… The post The Critical Risk of Using Dummy Email Domains…
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed…
China hacks Treasury, Russian tanker sabotage, Lumen ejects Typhoon
Beijing-linked hackers penetrated U.S. Treasury systems Russian tanker suspected of undersea data cable sabotage Lumen says it has locked the Salt Typhoon group out of its network Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks…
TotalAV VPN vs Surfshark: Which VPN Should You Choose?
TotalAV combines a simple VPN with antivirus software, while Surfshark offers a standalone VPN with better features and faster speeds. This article has been indexed from Security | TechRepublic Read the original article: TotalAV VPN vs Surfshark: Which VPN Should…
Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption
Microsoft has announced that it’s making an “unexpected change” to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. “We expect that most users will not be directly affected, however, it is…
SwaetRAT Delivery Through Python, (Fri, Jan 3rd)
We entered a new year, but attack scenarios have not changed (yet). I found a Python script with an interesting behavior[1] and a low Virustotal score (7/61). It targets Microsoft Windows hosts because it starts by loading all libraries required…
Apple accused of collecting user data from Siri queries
Virtual assistants have become indispensable in our daily lives, transforming how we interact with technology. By simply speaking a few words or phrases, we can access vast amounts of information, schedule appointments, or even get personalized recommendations. One of the…
Apple Agrees to $95M Settlement Over Siri Privacy Lawsuit
Apple Inc. has agreed to pay $95 million to settle a proposed class-action lawsuit alleging that its Siri voice assistant infringed on users’ privacy by recording private conversations without their consent. The preliminary settlement, filed in federal court in Oakland,…
NTT Docomo Hit by DDoS Attack, Services Disrupted for 11 Hours
NTT Docomo, one of Japan’s leading telecommunications and IT service providers, experienced a massive disruption on January 2, 2025, after a Distributed Denial of Service (DDoS) attack targeted its network infrastructure. The attack resulted in widespread service irregularities affecting customers…
Diving into Azure Lateral Movement with Pass-the-PRT
One of the most concerning attack methods I’ve come across recently is ‘Pass-the-PRT.’ It’s not the most likely of cyberattacks, but if successful – your organization’s security is in trouble. And that’s precisely what makes it dangerous—it leverages legitimate authentication…
Hackers Use Russian Domains for Phishing Attacks
The latest research has found a sharp rise in suspicious email activities and a change in attack tactics. If you are someone who communicates via email regularly, keep a lookout for malicious or unusual activities, it might be a scam.…
iTerm2 Emulator Vulnerability Let Attackers Access Sensitive User Data
 A critical vulnerability discovered in the popular macOS terminal emulator iTerm2 has raised concerns among cybersecurity experts and software users. The flaw, which could allow malicious attackers to access sensitive user data, underscores the importance of timely updates and vigilant…
Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations
Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users’ privacy using its voice-activated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.-based…
Cloudflare’s VPN app among half-dozen pulled from Indian app stores
More than half-a-dozen VPN apps, including Cloudflare’s widely-used 1.1.1.1, have been pulled from India’s Apple App Store and Google Play Store following intervention from government authorities, TechCrunch has learned. The Indian Ministry of Home Affairs issued removal orders for the…
The modern CISO is a cornerstone of organizational success
The chief information security officer (CISO) role has undergone a remarkable transformation, evolving from a purely technical position to a role that bridges business strategy, operational efficiency, and cybersecurity. The post The modern CISO is a cornerstone of organizational success…
2024 Year in Review (Part 2)
July AT&T announced (in a financial filing) the discovery of a data breach dating back to 2023 that affects almost every AT&T customer. “The stolen data also includes call records of customers with phone service from other cell carriers that…