
Thousands of Buggy BeyondTrust Systems Remain Exposed

Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say.

Published on: January 03, 2025 | Source: Dark Reading

Friday Squid Blogging: Anniversary Post

I made my first squid post nineteen years ago this week. Between then and now, I posted something about squid every week (with maybe only a few exceptions). There is a lot out there about squid, even more if you count the other meanings of the word. Blog moderation policy.

Published on: January 03, 2025 | Source: Schneier on Security

New HIPAA Cybersecurity Rules Pull No Punches

Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.

Published on: January 03, 2025 | Source: Dark Reading

Treasury Dept. Sanctions Chinese Tech Vendor for Complicity

Integrity Technology Group was found complicit with Flax Typhoon as part of a broader Chinese strategy to infiltrate the IT systems of US critical infrastructure.

Published on: January 03, 2025 | Source: Dark Reading

U.S. sanctions take aim at Chinese company said to aid hackers’ massive botnet

A joint takedown operation last year sought to disrupt Flax Typhoon’s compromise of hundreds of thousands of devices.

Published on: January 03, 2025 | Source: CyberScoop

Exit interview: FCC’s Jessica Rosenworcel discusses her legacy on cybersecurity, AI and regulation

The outgoing chair weighs in on how the FCC has addressed newer technologies, efforts to respond to Chinese intrusions into U.S. telecom networks, and regulating AI in political ads.

Published on: January 03, 2025 | Source: CyberScoop

Apple Offers $95M to Settle Siri Privacy Lawsuit

The proposed settlement would amount to roughly $20 per Apple product that has Siri enabled, for each plaintiff.

Published on: January 03, 2025 | Source: Dark Reading

Why Small Businesses Can't Rely Solely on AI to Combat Threats

The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI's capabilities.

Published on: January 03, 2025 | Source: Dark Reading

ShredOS

ShredOS is a stripped-down operating system designed to destroy data. GitHub page here.

Published on: January 03, 2025 | Source: Schneier on Security

Chrome Extension Compromises Highlight Software Supply Challenges

The Christmas Eve compromise of data-security firm Cyberhaven's Chrome extension spotlights the challenges in shoring up third-party software supply chains.

Published on: January 03, 2025 | Source: Dark Reading

New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60%

Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and

Published on: January 03, 2025 | Source: The Hacker News

Gary Marcus: Taming Silicon Valley | Starmus highlights

The prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness

Published on: January 03, 2025 | Source: WeLiveSecurity

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (

Published on: January 03, 2025 | Source: The Hacker News

Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption

Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. "We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage," Richard Lander, a program

Published on: January 03, 2025 | Source: The Hacker News

Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations

Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the

Published on: January 03, 2025 | Source: The Hacker News

Proposed HIPAA Amendments Will Close Healthcare Security Gaps

Changes to the healthcare privacy regulation, including technical controls for network segmentation, multifactor authentication, and encryption, would strengthen cybersecurity protections for electronic health information and address evolving threats against healthcare entities.

Published on: January 02, 2025 | Source: Dark Reading

Unpatched Active Directory Flaw Can Crash Any Microsoft Server

Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately.

Published on: January 02, 2025 | Source: Dark Reading

Google Is Allowing Device Fingerprinting

Lukasz Olejnik writes about device fingerprinting, and why Google’s policy change to allow it in 2025 is a major privacy setback. EDITED TO ADD (1/12): Slashdot thread.

Published on: January 02, 2025 | Source: Schneier on Security

US Soldier Arrested in Verizon, AT&T Hacks

Wagenius posted about hacking more than 15 telecom providers on the Telegram messaging service.

Published on: January 02, 2025 | Source: Dark Reading

Hackers release files stolen in cyberattack on Rhode Island benefits system

Published on: January 02, 2025 | Source: CyberScoop

Volkswagen Breach Exposes Data of 800K EV Customers

Ethical hacking group Chaos Computer Club uncovered exposed data of electrical vehicle owners across the company's VW, Audi, Seat, and Skoda brands.

Published on: January 02, 2025 | Source: Dark Reading

'Bad Likert Judge' Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.

Published on: January 02, 2025 | Source: Dark Reading

Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML

Published on: January 02, 2025 | Source: The Hacker News

Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS

Published on: January 02, 2025 | Source: The Hacker News

Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems. The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user

Published on: January 02, 2025 | Source: The Hacker News

Three Russian-German Nationals Charged with Espionage for Russian Secret Service

German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.

Published on: January 02, 2025 | Source: The Hacker News

New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites

Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. "Instead of relying on a single click, it takes advantage of a double-click sequence," Yibelo said.

Published on: January 01, 2025 | Source: The Hacker News

Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main Intelligence

Published on: January 01, 2025 | Source: The Hacker News

Managing Cloud Risks Gave Security Teams a Big Headache in 2024

The results of Dark Reading's 2024 Strategic Security Survey suggest that security teams continue to grapple with the challenges that come with increased cloud adoption, such as data visibility and loss of controls. Managing cloud risks will be a focus for security teams in 2025.

Published on: December 31, 2024 | Source: Dark Reading

Cybersecurity Lags in Middle East Business Development

The fast-growing region has its own unique cyber issues — and it needs its own talent to fight them.

Published on: December 31, 2024 | Source: Dark Reading

US sanctions Russian, Iranian groups for election interference

The two entities are accused of partnering with intelligence agencies using artificial intelligence to conduct information operations against U.S. audiences.

Published on: December 31, 2024 | Source: CyberScoop

After UN adoption, controversial cybercrime treaty’s next steps could prove vital

Forty nations have to ratify the treaty for it to enter into force, and they have some leeway on how to implement it.

Published on: December 31, 2024 | Source: CyberScoop