Stay Updated with the Latest Tech News


Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

Published on: December 04, 2024 | Source: Dark Reading

Study shows potentially higher prevalence of spyware infections than previously thought

An investigation into the numbers has some caveats, but those behind it say even a drastic reduction from what they found would be big.

Published on: December 04, 2024 | Source: CyberScoop

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted

Published on: December 04, 2024 | Source: The Hacker News

AI and the 2024 Elections

It’s been the biggest year for elections in human history: 2024 is a “super-cycle” year in which 3.7 billion eligible voters in 72 countries had the chance to go to the polls. These are also the first AI elections, where many feared that deepfakes and artificial intelligence-generated misinformation would overwhelm the democratic processes. As 2024 draws to a close, it’s instructive to take stock of how democracy did. In...

Published on: December 04, 2024 | Source: Schneier on Security

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and

Published on: December 04, 2024 | Source: The Hacker News

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs. Some are so tedious and complex that employees post passwords on sticky notes under keyboards, monitors, or desk drawers. Others set rules so loose they may as well not exist. And many simply copy

Published on: December 04, 2024 | Source: The Hacker News

Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library

Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets. The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from the npm

Published on: December 04, 2024 | Source: The Hacker News

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China (PRC)-affiliated threat actors targeting telecommunications providers. "Identified exploitations or compromises associated with these threat actors' activity align with existing weaknesses associated with victim infrastructure; no novel

Published on: December 04, 2024 | Source: The Hacker News

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. "From the VSPC management agent machine, under

Published on: December 04, 2024 | Source: The Hacker News

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2, 8.3, 8.4, and other previous versions. IdentityIQ "allows

Published on: December 04, 2024 | Source: The Hacker News

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X. The

Published on: December 04, 2024 | Source: The Hacker News

SecureG, CTIA Project Secures Business Phone Calls

BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers.

Published on: December 03, 2024 | Source: Dark Reading

Misconfigured WAFs Heighten DoS, Breach Risks

Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.

Published on: December 03, 2024 | Source: Dark Reading

Note From the Editor-in-Chief

A change in ownership and what it means for our readers.

Published on: December 03, 2024 | Source: Dark Reading

Decade-Old Cisco Vulnerability Under Active Exploit

Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability.

Published on: December 03, 2024 | Source: Dark Reading

FTC goes after three data brokers with enforcement actions

The FTC has accused three data brokers, including Gravy Analytics and Venntel, of illegally tracking and selling non-anonymized consumer location data.

Published on: December 03, 2024 | Source: CyberScoop

U.S. government says Salt Typhoon is still in telecom networks

The United States and other Western nations released guidance Tuesday designed to evict the China-linked group in the wake of the high-profile hack.

Published on: December 03, 2024 | Source: CyberScoop

Cyber-Unsafe Employees Increasingly Put Orgs at Risk

Too much access and privilege, plus a host of unsafe cyber practices, plague most workplaces, and the introduction of tools like GenAI will only make things worse.

Published on: December 03, 2024 | Source: Dark Reading

Inside a new initiative to lend cybersecurity volunteers to organizations that need it most

The idea behind the initiative, details of which CyberScoop is first reporting, is that too much cyber expertise doing volunteer work is uncoordinated.

Published on: December 03, 2024 | Source: CyberScoop

Venom Spider Spins Web of New Malware for MaaS Platform

A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group's cybercriminal tool set.

Published on: December 03, 2024 | Source: Dark Reading

Ransomware's Grip on Healthcare

Until C-level executives fully understand potential threats and implement effective mitigation strategies, healthcare organizations will remain vulnerable and at risk of disruption.

Published on: December 03, 2024 | Source: Dark Reading

'White FAANG' Data Export Attack: A Gold Mine for PII Threats

Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe's GDPR-mandated data portability rules.

Published on: December 03, 2024 | Source: Dark Reading

Why Phishers Love New TLDs Like .shop, .top and .xyz

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) -- such as .shop, .top, .xyz -- that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to...

Published on: December 03, 2024 | Source: Krebs on Security

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack

Published on: December 03, 2024 | Source: The Hacker News

Algorithms Are Coming for Democracy—but It’s Not All Bad

In 2025, AI is poised to change every aspect of democratic politics—but it won’t necessarily be for the worse. India’s prime minister, Narendra Modi, has used AI to translate his speeches for his multilingual electorate in real time, demonstrating how AI can help diverse democracies to be more inclusive. AI avatars were used by presidential candidates in South Korea in electioneering, enabling them to provide answers...

Published on: December 03, 2024 | Source: Schneier on Security

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. "By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access

Published on: December 03, 2024 | Source: The Hacker News

CFPB proposes new rule to regulate expansive data broker industry

The rule would force data brokers to adhere to the same standards as established credit agencies.

Published on: December 03, 2024 | Source: CyberScoop

Achieving cybersecurity compliance in 5 steps

Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements.

Published on: December 03, 2024 | Source: WeLiveSecurity

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September,

Published on: December 03, 2024 | Source: The Hacker News

Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer

Published on: December 03, 2024 | Source: The Hacker News

'Bootkitty' First Bootloader to Take Aim at Linux

Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.

Published on: December 02, 2024 | Source: Dark Reading

Small number of vulnerabilities patched in last Android security update of 2024

None of the patched bugs were considered critical.

Published on: December 02, 2024 | Source: CyberScoop

Interpol Cyber-Fraud Action Nets More Than 5K Arrests

Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise.

Published on: December 02, 2024 | Source: Dark Reading