As Chinese automakers prepare to launch in the US, the White House is investigating whether cars made in China could pose a national security threat. This article has been indexed from Security Latest Read the original article: The White House…
Tag: EN
Kali Linux 2024.1 released: New tools, new look, new Kali Nethunter kernels
OffSec has released Kali Linux 2024.1, the latest version of its popular penetration testing and digital forensics platform. The new version comes with new tools, a fresh look (themes, wallpapers and icons for Kali and Kali Purple), a new image…
Why passkeys will replace passwords
With the growth of sophisticated attacks against critical software and infrastructure systems, multi-factor authentication (MFA) has emerged as a critical layer of defense against unauthorized access. An increasing number of enterprise and developer-facing technology applications and platforms, from GitHub to…
Biden Bans Mass Sale of Data to Hostile Nations
A new presidential executive order attempts to prevent the mass sales of personal data to countries like China and Russia This article has been indexed from www.infosecurity-magazine.com Read the original article: Biden Bans Mass Sale of Data to Hostile Nations
Is the LockBit gang resuming its operation?
Experts warn that the LockBit ransomware group has started using updated encryptors in new attacks, after the recent law enforcement operation. The LockBit ransomware group appears to have fully recovered its operations following the recent law enforcement initiative, code-named Operation…
LOCKBIT 3.0 Ransomware – Complete Malware Analysis Report
LockBit 3.0 is a sophisticated ransomware identified as a significant threat to organizations worldwide. This ransomware variant is designed to encrypt files on infected systems, rendering them inaccessible until a ransom is paid. LockBit” is a ransomware-as-a-service (RaaS) group active since September…
Chinese Mini PC Maker Acemagic Ships machines with Malware Pre-installed
Acemagic, a Chinese manufacturer of mini PCs, has been found to ship devices laden with malware, raising significant concerns about cybersecurity and consumer safety. Further investigations revealed that other models, including the AD15 and S1, also harbored similar malicious software.…
Silence Laboratories, a cryptographic security startup, secures funding
Silence Laboratories, a startup that builds infrastructure using multiparty computation (MPC) to help enterprises keep data private and safe, said it has raised a $4.1 million funding round. Pi Ventures and Kira Studio co-led the recent funding, which brings its total raised…
Making Sense of Financial Services Cybersecurity Regulations
The financial services sector faces unprecedented cybersecurity challenges in today’s digital age. With the industry being a prime target for cybercriminals , understanding and adhering to cybersecurity regulations has never been more crucial. This article delves into the labyrinth of…
A Pornhub Chatbot Stopped Millions From Searching for Child Abuse Videos
Every time someone in the UK searched for child abuse material on Pornhub, a chatbot appeared and told them how to get help. This article has been indexed from Security Latest Read the original article: A Pornhub Chatbot Stopped Millions…
Investing in partnerships for inclusion and innovation: a spotlight on Astia and Kiva
This Social Impact Partner series blog features Cisco’s partnership with Astia and Kiva, in honor of the incredible work these organizations are doing to advance investment opportunities to Black, Indigenous, and People of Color-owned businesses in the United States and…
Lazarus APT exploited zero-day in Windows driver to gain kernel privileges
North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows AppLocker driver (appid.sys) to gain kernel-level access to target systems. Avast researchers observed North Korea-linked Lazarus APT group using an admin-to-kernel exploit for a zero-day vulnerability in the appid.sys…
Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269…
New Backdoor Targeting European Officials Linked to Indian Diplomatic Events
A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER. The adversary, according to a report from Zscaler ThreatLabz, used a PDF file in emails that purported to come…
How to Configure the Most Secure Settings for Microsoft Defender
This article is entirely written by Bing AI client integrated in Skype. Q: write an article describing most secure settings of Microsoft Defender A: Microsoft Defender is a comprehensive security solution that protects your Windows devices from various threats,…
Millions of GitHub Repos Found Infected with Malicious Code
Security researchers have uncovered a massive campaign of repository confusion attacks on GitHub, affecting over 100,000 repositories and potentially millions more. This sophisticated cyberattack targets developers by tricking them into downloading and using malicious repositories disguised as legitimate ones. You…
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware
At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET,…
Lazarus Hackers Exploited Windows 0-Day to Gain Kernel read/write Access
The Lazarus Group, a well-known cybercriminal organization, has recently exploited a zero-day vulnerability in Windows to gain kernel privileges, a critical level of system access. This vulnerability, identified as CVE-2024-21338, was found in the appid.Sys AppLocker driver was patched by…
Vulnerabilities in business VPNs under the spotlight
As adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber risk This article has been indexed from WeLiveSecurity Read the original article: Vulnerabilities in business…
BobTheSmuggler: Open-source tool for undetectable payload delivery
BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight. BobTheSmuggler is helpful in phishing campaign assessments, data exfiltration exercises, and assumed breach scenarios.…