New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application…
Tag: EN
USENIX Security ’23 – NVLeak: Off-Chip Side-Channel Attacks via Non-Volatile Memory Systems
Authors/Presenters:Zixuan Wang, Mohammadkazem Taram, Daniel Moghimi, Steven Swanson, Dean Tullsen, Jishen Zhao Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at…
How to freeze your credit – and how it can help protect you after data breaches
Concerned about a recent massive data breach involving Social Security numbers? Here’s one way to protect yourself. This article has been indexed from Latest stories for ZDNET in Security Read the original article: How to freeze your credit – and…
From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs
Boffins demonstrated the vulnerability of fingerprint recognition systems to dictionary attacks using ‘MasterPrints, ‘which are fingerprints that can match multiple other prints. A team of researchers from US universities demonstrated how to deceive fingerprint recognition systems through dictionary attacks using…
The Rise of Malvertising: How Scammers Target Google Products with Malicious Search Ads
Cybersecurity keeps evolving, and so do threats. One such threat is malvertising, it exploits the tools made for enhancing our digital threats. A recent campaign has surfaced, targeting Google products through malicious search ads, displaying the persistence and sophistication of…
Russian Disinformation Network Struggles to Survive Crackdown
The Russian disinformation network, known as Doppelgänger, is facing difficulties as it attempts to secure its operations in response to increased efforts to shut it down. According to a recent report by the Bavarian State Office for the Protection…
Pro-Palestine Outfit Takes Responsibility for Hacking Donald Trump-Elon Musk Interview
During a conversation between billionaire Elon Musk and Republican presidential candidate Donald Trump on Musk’s social media platform X, technical issues occurred that Musk claimed were caused by a DDoS attack. The discussion was significant since it was Trump’s…
Ransomware Attack on the Washington Times Leads to a Dark Web Data Auction
In a countdown clock that showed that the auction would begin in seven days, the Rhysida cartel promoted an online auction that promised to sell Washington Times’ unique data. The auction was set to start within seven days of…
Navigating AI and GenAI: Balancing Opportunities, Risks, and Organizational Readiness
The rapid integration of AI and GenAI technologies within organizations has created a complex landscape, filled with both promising opportunities and significant challenges. While the potential benefits of these technologies are evident, many companies find themselves struggling with AI…
National Public Data Breach Exposes Millions: Threat of Identity Theft Looms
Data breaches continue to be a persistent issue without a simple solution, as evidenced by the recent breach of the background-check service National Public Data. This incident highlights the escalating dangers and complexity of such breaches. After months of…
CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – A Deep Dive
Introduction Attention: a new Kubernetes vulnerability was uncovered by André Storfjord Kristiansen (@dev-bio on GitHub) and it demands The post CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – A Deep Dive appeared first on ARMO. The post CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass…
Getting Wins for Security Leaders: Strategies and Considerations for Success
Navigating the Cybersecurity Landscape: Achieving Impactful Wins Through Data, Collaboration, and Continuous Improvement Do not think of advocating for critical security investments as a single battle, but a drawn-out campaign… The post Getting Wins for Security Leaders: Strategies and Considerations…
Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Large-scale extortion campaign…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Deciphering the Brain Cipher Ransomware Ideal typosquat ‘solana-py’ steals your crypto wallet keys Ransomware attackers introduce new EDR killer to their…
Large-scale extortion campaign targets publicly accessible environment variable files (.env)
A large-scale extortion campaign compromised multiple organizations by exploiting publicly accessible environment variable files (.env). Palo Alto Unit 42 researchers uncovered a large-scale extortion campaign that successfully compromised and extorted multiple victim organizations by leveraging exposed environment variable files (.env files).…
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab…
OpenAI dismantled an Iranian influence operation targeting the U.S. presidential election
OpenAI announced it had dismantled an Iranian influence operation that was producing content related to the U.S. Presidential election. OpenAI has dismantled an Iran-linked influence operation, tracked as identified as Storm-2035, that was generating content about the U.S. presidential election. The…
Cyber Attack Disrupts Housing Services Across Greater Manchester
A scathing cyber attack has disrupted housing services in three Greater Manchester boroughs, leaving thousands of residents at risk of a phishing scam. The breach, which affected the software company Locata, has caused the temporary closure of housing websites for…
The SIEM Market is Ripe with Consolidation, But are We Delivering on its Intended Security Promise?
Security Information Event Management (SIEM) technology has come far over the past two decades. SIEM is a critical part of threat detection and response in a world where Gartner identifies the challenge of managing security exposures in a constantly evolving…
The Growing Threat of OTP-Stealing Malware: Insights from Zimperium’s zLabs
One-time passwords (OTPs) have become a cornerstone of modern cybersecurity, offering an additional layer of protection for online accounts. However, as enterprises rely more heavily on OTPs to safeguard sensitive data and applications, attackers have also stepped up their efforts…