8-year-old op responsible for DDoS attacks and commandeering broadcasts to push war material Security researchers have pinned a DDoS botnet that’s infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi.… This article has…
Tag: EN
VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)
A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned. The company is not aware of any “in the wild” exploitation of…
Citrix NetScaler 0-day Vulnerability Exploited In The Wild, CISA Urges Patching
Cisco NetScaler ADC and NetScaler Gateway have been discovered to have two vulnerabilities, which were associated with remote code execution and denial of service. The CVEs for these vulnerabilities were CVE-2023-6548 and CVE-2023-6549, and the severity has been given as…
Enter the era of platform-based cloud security
How an integrated platform can streamline the management overhead, improve cloud security and boost threat visibility Sponsored Post Reports suggest that forward-looking organisations are ditching legacy point-based cloud security offerings and replacing them with more efficient integrated platforms which slash…
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside in the TianoCore EFI Development…
NCSC Builds New “Cyber League” Threat Tracking Community
The UK’s National Cyber Security Centre has launched a Cyber League to monitor emerging cyber-threats This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Builds New “Cyber League” Threat Tracking Community
Confessions on MFA and Security Best Practices
The last couple weeks have brought a few discussions on the topic of multifactor authentication or MFA (sometimes also referred to as 2FA or two factor authentication). These discussions have been driven by the SEC’s X (formerly known as Twitter)…
JinxLoader Malware: Next-Stage Payload Threats Revealed
In the ever-evolving landscape of cybersecurity, a recent discovery by Palo Alto Networks Unit 42 and Symantec sheds light on a new Go-based malware loader named JinxLoader malware. This sophisticated tool is employed by threat actors to facilitate malicious payload…
HealthEC Data Breach Impacts 4.5 Million Patients
In the evolving landscape of healthcare cybersecurity, the recent data breach at HealthEC LLC has sent shockwaves through the industry, affecting nearly 4.5 million individuals who received care through the company’s diverse clientele. This incident, which unfolded between July 14…
Navigating the Debian 10 EOL: A Guide to the Future
Debian 10’s End of Life (EOL) highlights the critical need for upgrading to maintain security and compatibility. Upgrading from Debian 10 involves balancing hardware compatibility, software dependencies, and system configurations with minimal operational disruption. In cases where immediate upgrading isn’t…
Hackers Deploying Androxgh0st Botnet Malware that Steals AWS, Microsoft Credentials
Threat actors use botnet malware to gain access to the network of compromised systems that enable them to perform several types of illicit activities. They get attracted to botnet malware due to its distributed and anonymous infrastructure, which makes it…
iShutdown lightweight method allows to discover spyware infections on iPhones
Researchers devised a “lightweight method,” called iShutdown, to determine whether Apple iOS devices have been infected with spyware. Cybersecurity researchers from Kaspersky have identified a “lightweight method,” called iShutdown, to identify the presence of spyware on Apple iOS devices. The method allow to discover…
Your iPhone is at risk – Signs of Viruses You Shouldn’t Ignore!
Apple usually excels in shielding us from spam and pop-ups. With the myriad functions Apple packs into iPhones, users engage in diverse activities, from work to photos and gaming. While iPhones are considered less susceptible to cyber threats than…
Attribute-based encryption could spell the end of data compromise
The future of data privacy is the end of compromise. With the world producing data at astounding rates, we need ways to put data to the best use while protecting against breaches and ensuring privacy, data protection and access control.…
Fujitsu issues apology for IT and Data Privacy scandal of UK Post Offices
Fujitsu, a Japanese multinational company specializing in software and technology services, has issued an apology in response to the IT scandal that unfolded within the UK Post Office. The company is currently facing allegations that its IT staff, tasked with…
Skytrack: Open-source aircraft reconnaissance tool
Skytrack is an open-source command-line tool for plane spotting and aircraft OSINT reconnaissance. The tool utilizes multiple data sources to collect information on aircraft, can produce a PDF report for a specific aircraft, and offers conversion between ICAO and Tail…
Ransomware negotiation: When cybersecurity meets crisis management
In this Help Net Security interview, Tim Morris, Chief Security Advisor at Tanium, discusses ransomware negotiation, how it typically unfolds, and how organizations should have a playbook that clearly outlines what to do, when to do it, who is notified,…
Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts
High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. have been targeted by an Iranian cyber espionage group called Mind Sandstorm since November 2023. The threat actor “used bespoke…
Adversaries exploit trends, target popular GenAI apps
More than 10% of enterprise employees access at least one generative AI application every month, compared to just 2% a year ago, according to Netskope. In 2023, ChatGPT was the most popular generative AI application, accounting for 7% of enterprise…
The power of AI in cybersecurity
The widespread adoption of artificial intelligence (AI), particularly generative AI (GenAI), has revolutionized organizational landscapes and transformed both the cyber threat landscape and cybersecurity. AI as a powerful cybersecurity tool As organizations handle increasing amounts of data daily, AI offers…