In a major development against cybercrime, the US Federal Bureau of Investigation (FBI) has disclosed the recovery of over 7,000 decryption keys to assist victims of the notorious LockBit ransomware gang. This revelation follows a disruptive international law enforcement…
Tag: EN
Week in review: Atlassian Confluence RCE PoC, new Kali Linux, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest…
Ticketmaster and Santander Breaches Expose Cloud Security Flaws
Recent data breaches at Ticketmaster and Santander Bank have exposed major security vulnerabilities in the use of third-party cloud storage services. These breaches highlight the urgent need for robust security measures as more organisations move their data to the cloud.…
New York Times source code compromised via exposed GitHub token
The source code and data of The New York Times leaked on 4chan were stolen from the company’s GitHub repositories in January 2024. This week, VX-Underground first noticed that the internal data of The New York Times was leaked…
USENIX Security ’23 – “If Sighted People Know, I Should Be Able To Know:” Privacy Perceptions Of Bystanders With Visual Impairments Around Camera-Based Technology
Authors/Presenters: Yuhang Zhao, Yaxing Yao, Jiaru Fu, Nihan Zhou. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and…
Upcoming June 11th CISA Deadline Exposes Widespread Unpreparedness in Software Security Compliance
A recent study by Lineaje has uncovered a startling lack of preparedness among organizations for the upcoming U.S. Cybersecurity & Infrastructure Agency’s (CISA) Secure Software Development Attestation Form deadline. The research, conducted at RSA Conference 2024, reveals that a mere…
GoldPickaxe iOS Malware Harvests Facial Recognition Data & Bank Accounts
Due to the growing popularity of Apple devices, cybercriminals are increasingly targeting iOS and macOS with malware. The App Store is no longer secure, and iCloud is a new target, as Apple’s allowance of third-party app stores in Europe is…
Sticky Werewolf Weaponizing LNK Files Group Attacking To Attack Organizations
Sticky Werewolf, a cyber threat group, has shifted its targeting strategy from sending phishing emails with download links to malicious files to using archive attachments containing LNK files, which act as shortcuts to malicious executables hosted on WebDAV servers. When…
Employees Claim OpenAI and Google DeepMind Are Hiding Dangers From the Public
A number of current and former OpenAI and Google DeepMind employees have claimed that AI businesses “possess substantial non-public data regarding the capabilities and limitations of their systems” that they cannot be expected to share voluntarily. The claim was…
The Underestimated Cyber Threat: Anticipating and Combatting Supply Chain Attacks
Cybersecurity threats are multi-faceted, often connected, and accelerating fast. Ransomware, nation-state attacks, employee errors, and third parties – all pose risks for enterprises seeking to safeguard their organizations and customers from cyber attacks and the resulting consequences. One particularly insidious…
Uber ex-CSO Joe Sullivan: We need security leaders running to work, not giving up
Lessons learned from the infosec chief convicted and punished for covering up theft of data from taxi app maker. Interview: Joe Sullivan – the now-former Uber chief security officer who was found guilty of covering up a theft of data from…
The Hidden Cost of Connected Cars: Your Driving Data and Insurance
Driving to a weekend getaway or a doctor’s appointment leaves more than just a memory; it leaves a data trail. Modern cars equipped with internet capabilities, GPS tracking, or services like OnStar, capture your driving history. This data is…
Cyber Resiliency in The Age Of AI: Securing the Digital Perimeter
In the fast-moving age of artificial intelligence (AI), cybersecurity is more important than ever before. By Tyler Derr, Chief Technology Officer (CTO), Broadridge…
Security researcher says Azure Tags are security threat but Microsoft disagrees
Tenable recently identified a notable security issue within Microsoft’s Azure Network service tags. While Tenable classified this as a high-severity vulnerability, Microsoft disagreed with this classification. Despite their differences, both companies jointly disclosed the security issue on Monday. What…
Nvidia Climbs to Second Place in Global Market Value, Surpassing Apple
This month, Nvidia reached a historic milestone by overtaking Apple to become the world’s second most valuable company, a feat that has only been possible because of the overwhelming demand for its advanced chips that are used to…
Experts Warn: AI Chatbots a ‘Treasure Trove’ for Criminals, Avoid ‘Free Accounts’
Cybersecurity experts have informed The U.S. Sun that chatbots represent a “treasure trove” ripe for exploitation by criminals. The intelligence of artificial intelligence chatbots is advancing rapidly, becoming more accessible and efficient. Because these AI systems mimic human conversation…
Apple Is Coming for Your Password Manager
Plus: A media executive is charged in an alleged money-laundering scheme, a ransomware attack disrupts care at London hospitals, and Google’s former CEO has a secretive drone project up his sleeve. This article has been indexed from Security Latest Read…
Snowflake Security Incident: A Wake-Up Call for CISOs | Grip
The Snowflake breach highlights a recurring pattern of risks Grip can help prevent, ensuring robust security measures across your SaaS and IaaS landscape. The post Snowflake Security Incident: A Wake-Up Call for CISOs | Grip appeared first on Security Boulevard.…
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions…
Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns
Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an “explorable visual…