Cybersecurity is facing new challenges with advances in AI, cloud tech, and increasing cyber threats. Solutions like blockchain… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: Blockchain in cybersecurity:…
UK Considers Banning Ransomware Payment by Public Sector and CNI
Since no technical means have been found to curtail criminal extortion through prevention or attack, the new proposal is to eliminate its profitability. The post UK Considers Banning Ransomware Payment by Public Sector and CNI appeared first on SecurityWeek. This…
Six Friends Every Security Team Needs
Around the year 1900, an author (Rudyard Kipling) wrote a poem called “The Elephant’s Child.” In it, he writes: “I keep six honest serving men They taught me all I knew Their names are What and Why and When And…
How Hackers Sell Access to Corporate Systems Using Stolen Credentials
In the cybercrime world, Initial Access Brokers (IABs) are essential for facilitating attacks. These specific hackers break into company systems, steal login credentials, and then sell access to other criminals who use it to launch their own attacks. They…
Platforms Systematically Removed a User Because He Made “Most Wanted CEO” Playing Cards
On December 14, James Harr, the owner of an online store called ComradeWorkwear, announced on social media that he planned to sell a deck of “Most Wanted…
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking on “AI: Trust & Power” at Capricon 45 in Chicago, Illinois, USA, at 11:30 AM on February 7, 2025. I’m also signing books there…
Companies Double Down on AI and Supply Chain Security, According to Black Duck’s BSIMM15 Report
Organisations worldwide are ramping up efforts to tackle emerging security risks in artificial intelligence (AI) and software supply chains, according to the newly released BSIMM15 report from Black Duck. The report, which examines software security practices across 121 companies, reveals…
BforeAI Raises $10 Million for Predictive Attack Intelligence
BforeAI has raised $10 million in Series B funding, which brings the total raised by the security firm to more than $30 million. The post BforeAI Raises $10 Million for Predictive Attack Intelligence appeared first on SecurityWeek. This article has…
DEF CON 32 – SBOMs the Hard Way: Hacking Bob the Minion
Authors/Presenters: Larry Pesce. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel. The…
Millions of People’s ‘Intimate’ Location Data Compromised in Apparent Hack
Major apps worldwide are potentially being exploited by rogue members within the advertising sector to collect sensitive location data extensively, which subsequently is transferred to a location data firm whose subsidiary has previously sold global location data to US…
GDPR Violation by EU: A Case of Self-Accountability
There was a groundbreaking decision by the European Union General Court on Wednesday that the EU Commission will be held liable for damages incurred by a German citizen for not adhering to its own data protection legislation. As a…
Medusind Data Breach Exposes Health and Personal Information of 360,000+ Individuals
Medusind, a major provider of billing and revenue management services for healthcare organizations, recently disclosed a data breach that compromised sensitive information of over 360,000 individuals. The breach, which occurred in December 2023, was detected more than a year…
Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)
Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that’s being exploited by attackers to compromise publicly-exposed FortiGate firewalls. While Fortinet acknowledged in-the-wild exploitation in the accompanying security advisory, they did share any…
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. “Google’s OAuth login doesn’t protect against someone purchasing a…
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System Integrity Protection (SIP) and install malicious kernel drivers by loading…
How to implement IAM policy checks with Visual Studio Code and IAM Access Analyzer
In a previous blog post, we introduced the IAM Access Analyzer custom policy check feature, which allows you to validate your policies against custom rules. Now we’re taking a step further and bringing these policy checks directly into your development…
New Variant Of Banshee macOS Malware Runs Active Campaigns
The long-known Banshee stealer has resurfaced with an advanced malware variant that targets macOS systems.… New Variant Of Banshee macOS Malware Runs Active Campaigns on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article…
Hitachi Energy FOXMAN-UN
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’), Heap-based Buffer Overflow,…
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on January 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-014-01 Hitachi Energy FOXMAN-UN ICSA-25-014-02 Schneider Electric Vijeo Designer ICSA-25-014-03 Schneider Electric EcoStruxure ICSA-25-014-04…
DOJ confirms FBI operation that mass-deleted Chinese malware from thousands of US computers
The FBI says it was authorized to mass-remove “PlugX” malware from more than 4,000 compromised machines in the United States © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch…
Russia-linked APT UAC-0063 targets Kazakhstan with HATVIBE malware
Russia-linked threat actor UAC-0063 targets Kazakhstan to gather economic and political intelligence in Central Asia. Russia-linked threat actor UAC-0063 is targeting Kazakhstan as part of a cyber espionage campaign to gather economic and political intelligence in Central Asia. The Computer…
How to Eliminate “Shadow AI” in Software Development
With a security-first culture fully in play, developers will view the protected deployment of AI as a marketable skill, and respond accordingly. The post How to Eliminate “Shadow AI” in Software Development appeared first on SecurityWeek. This article has been…
IT Security News Hourly Summary 2025-01-14 18h : 9 posts
9 posts were published in the last hour 16:32 : North Korea stole over $659M in crypto heists during 2024, deployed fake job seekers 16:32 : New AI Rule Aims to Prevent Misuse of US Technology 16:13 : Baltic Sentry:…
North Korea stole over $659M in crypto heists during 2024, deployed fake job seekers
A joint international statement provides the first official confirmation that North Korea was behind the $235M hack of WazirX, India’s largest cryptocurrency exchange. This article has been indexed from Security…