The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized…
Category: EN
USENIX Security ’23 – Notice the Imposter! A Study on User Tag Spoofing Attack in Mobile Apps
Authors/Presenters:Shuai Li, Zhemin Yang, Guangliang Yang, Hange Zhang, Nan Hua, Yurui Huang, and Min Yang Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s…
Qilin Attack On London Hospitals Leaves Cancer Patient With No Option
The latest figures suggest that nearly 1,500 medical operations have been cancelled at some of London’s leading hospitals in the four weeks following Qilin’s ransomware attack on pathology services provider Synnovis. But perhaps no one was more severely impacted…
Security Affairs Malware Newsletter – Round 1
Today marks the launch of the Security Affairs newsletter, specializing in Malware. This newsletter complements the weekly one you already receive. Each week, it will feature a collection of the best articles and research on malware. CapraTube Remix | Transparent…
Critical npm Account Takeover Vulnerability Sold on Dark Web
A cybercriminal known as Alderson1337 has emerged on BreachForums, offering a critical exploit targeting npm accounts. This vulnerability poses a significant threat to npm, a crucial package manager for JavaScript managed by npm, Inc., a subsidiary of GitHub. Alderson1337…
The Decline of Serverless Computing: Lessons For Enterprises To Learn
In the rapidly changing world of cloud technology, serverless computing, once hailed as a groundbreaking innovation, is now losing its relevance. When it first emerged over a decade ago, serverless computing promised to free developers from managing detailed compute and…
Applying Bloch’s Philosophy to Cyber Security
Ernst Bloch, a luminary in the realm of philosophy, introduced a compelling concept known as the “Not-Yet” — a philosophy that envisions the future as a realm of potential and possibility. Bloch’s ideas revolve around the belief that the world…
Breaking the Silence: The OpenAI Security Breach Unveiled
In April 2023, OpenAI, a leading artificial intelligence research organization, faced a significant security breach. A hacker gained unauthorized access to the company’s internal messaging system, raising concerns about data security, transparency, and the protection of intellectual property. In this…
Twilio Alerts Authy Users of Potential Security Risks Involving Phone Numbers
The U.S. messaging giant Twilio has been accused of stealing 33 million phone numbers over the past week as a result of a hacker’s exploit. Authy, a popular two-factor authentication app owned by Twilio that uses the phone numbers…
Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. GootLoader is still…
Alabama State Department of Education suffered a data breach following a blocked attack
Alabama’s education superintendent disclosed a data breach following a hacking attempt on the Alabama State Department of Education. The Alabama State Department of Education announced it had thwarted a ransomware attack on June 17, however, threat actors accessed some data…
Week in review: A need for a DDoS response plan, human oversight in AI-enhanced software development
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 4 key steps to building an incident response plan In this Help Net Security interview, Mike Toole, head of security and IT at Blumira, discusses…
Russian-Linked Cybercampaigns put a Bull’s-Eye on France. Their Focus? The Olympics and Elections
Baptiste Robert, a French cybersecurity expert, called on his government – and especially lawmakers – to prepare for the digital threats to come. The post Russian-Linked Cybercampaigns put a Bull’s-Eye on France. Their Focus? The Olympics and Elections appeared first…
CVE-2024-6387: New OpenSSH RegreSSHion Vulnerability Gives Hackers Root Access on Linux Servers – 700,000+ Linux Boxes Potentially at Risk
Labeled as CVE-2024-6387, the recently discovered vulnerability in OpenSSH has become a serious cause for concern among Linux servers. OpenSSH is a collection of networking tools built on the Secure Shell (SSH) protocol. It is widely utilized to secure remote…
Researchers Track Identities and Locations of CSAM Users via Malware Logs
Alarming new research exposes thousands of CSAM (child sexual abuse material) consumers through infostealer malware logs. Recorded Future… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: Researchers Track Identities…
Three critical steps to close the cybersecurity talent gap, once and for all
Cybersecurity is a differentiator, and organizations that prioritize developing and nurturing talent will emerge as leaders. This article has been indexed from Security News | VentureBeat Read the original article: Three critical steps to close the cybersecurity talent gap, once…
GootLoader is still active and efficient
Researchers warn that the malware GootLoader is still active and threat actors are still using it in their campaigns. Threat actors continue to use GootLoader malware in their campaigns, Cybereason researchers warn. The malware has evolved, resulting in several versions, with…
Ministry of Justice Workers’ Online Comments Highlight Workplace Communication Risks
Ministry of Justice employees referred to a woman as a “bitch” in an online conversation, which she later received a copy of, serving as a reminder of the importance of careful workplace communication, says an employment lawyer. Academic and…
Hackers Attack HFS Servers to Install Malware and Mine Monero
Cybersecurity researchers have identified a wave of attacks targeting outdated versions of the HTTP File Server (HFS) software from Rejetto, aiming to distribute malware and cryptocurrency mining tools. These attacks exploit a critical security flaw known as CVE-2024-23692, which…
Behind the Scenes: How Patelco Responded to the Ransomware Threat
Patelco Credit Union, a prominent financial institution based in Dublin, has been thrust into the spotlight due to a crippling ransomware attack. With over half a million members affected, the situation underscores the critical importance of robust cybersecurity measures for…