Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor. This article has been indexed from Securelist Read the original article: CloudSorcerer – A new APT targeting Russian government…
Category: EN
Apple Removes VPN Apps from Russian App Store Amid Government Pressure
Apple removed a number of virtual private network (VPN) apps in Russia from its App Store on July 4, 2024, following a request by Russia’s state communications watchdog Roskomnadzor, Russian news media reported. This includes the mobile apps of 25…
Roblox Data Breach: Email & IP address Details Exposed
Roblox, the globally renowned online gaming platform, has suffered a data breach. According to a tweet from cybersecurity expert H4ckManac, the breach has exposed sensitive information, including email addresses and IP addresses of millions of users. This alarming incident has…
Mobile based cyber threats to watch out for at Paris Olympic Games 2024
The 2024 Summer Olympic Games, also referred to as XXXIII Olympiad, are set to take place from July 26th to August 11th this year. However, amidst the excitement, there is a growing concern regarding cyber threats targeting attendees and team…
Top 5 Mobile Security Benefits with Samsung Knox
Mobile Security is increasingly crucial in today’s digital landscape, where smartphones are integral to both personal and professional lives. Samsung Knox offered exclusively to Galaxy phone users stands out as a robust security platform designed to protect devices against a…
Selfie-based authentication raises eyebrows among infosec experts
Vietnam now requires it for some purchases. It may be a fraud risk in Singapore. Or ML could be making it safe The use of selfies to verify identity online is an emerging trend in some parts of the world…
Continuous Threat Exposure Management for Google Cloud
On July 9th, 2020, an independent security firm discovered a trove of personal health information belonging to Pfizer patients on the public internet. The breach exposed unencrypted conversations between patients and providers of four different Pfizer products, including full names,…
July 2024 Patch Tuesday forecast: The end of an AV giant in the US
The US celebrated Independence Day last week, providing many with a long weekend leading into patch week. With summer vacations underway, many developers must be out of the office because June was fairly quiet regarding software updates. This included June…
How nation-state cyber attacks disrupt public services and undermine citizen trust
In this Help Net Security interview, Rob Greer, VP and GM of the Enterprise Security Group at Broadcom, discusses the impact of nation-state cyber attacks on public sector services and citizens, as well as the broader implications for trust and…
Monocle: Open-source LLM for binary analysis search
Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monocle can be provided with a binary and search criteria (authentication code, vulnerable code, password strings, etc.), and it will…
Organizations change recruitment strategies to find cyber talent
An estimated 4 million professionals are needed to fill the growing cybersecurity workforce gap, according to Fortinet. At the same time, Fortinet’s 2024 Global Cybersecurity Skills Gap Report found that 70% of organizations indicated that the cybersecurity skills shortage creates…
ISC Stormcast For Monday, July 8th, 2024 https://isc.sans.edu/podcastdetail/9042, (Mon, Jul 8th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, July 8th, 2024…
Not-so-OpenAI allegedly never bothered to report 2023 data breach
Also: F1 authority breached; Prudential victim count skyrockets; a new ransomware actor appears; and more security in brief It’s been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023…
Paperclip Maximizers, Artificial Intelligence and Natural Stupidity
Existential risk from AI Some believe an existential risk accompanies the development or emergence of artificial general intelligence (AGI). Quantifying the probability of this risk is a hard problem, to say nothing of calculating the probabilities of the many non-existential…
A decade after collapsing, crypto exchange Mt Gox repays some investors
Plus: Samsung strike; India likely upping chip subsidies; Asian nations link payment schemes Asia In Brief Mt Gox, the Japanese crypto exchange that dominated trading for a brief time in the early 2010s before collapsing amid the disappearance of nearly…
Husky Owners – 16,502 breached accounts
In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones. This article has been indexed from…
Hacker Breaches OpenAI, Steals Sensitive AI Tech Details
Earlier this year, a hacker successfully breached OpenAI’s internal messaging systems, obtaining sensitive details about the company’s AI technologies. The incident, initially kept under wraps by OpenAI, was not reported to authorities as it was not considered a threat…
Passkeys Aren’t Foolproof: New Study Reveals Vulnerabilities in Popular Authentication Method
Despite their growing popularity, passkeys are not as secure as many believe. According to Joe Stewart, principal security researcher at eSentire’s Threat Response Unit (TRU), many online accounts using passkeys can still fall victim to adversary-in-the-middle (AitM) attacks. This…
Apache fixed a source code disclosure flaw in Apache HTTP Server
The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized…
USENIX Security ’23 – Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps
Authors/Presenters:Shuai Li, Zhemin Yang, Guangliang Yang, Hange Zhang, Nan Hua, Yurui Huang, and Min Yang Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s…