Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Leveraging Wazuh for Zero Trust security
Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after
Published on: November 05, 2024 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an "
Published on: November 05, 2024 | Source:Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few
Published on: November 05, 2024 | Source:Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks
Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the
Published on: November 05, 2024 | Source:Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System
Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective
Published on: November 05, 2024 | Source:Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including
Published on: November 04, 2024 | Source:Sophos Versus the Chinese Hackers
Really interesting story of Sophosβs five-year war against Chinese hackers. The post Sophos Versus the Chinese Hackers appeared first on Schneier on Security.
Published on: November 04, 2024 | Source:German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested
German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those without any in-depth technical skills of their own," the Federal Criminal Police Office (aka
Published on: November 04, 2024 | Source:THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03)
This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? ) We're talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! It's enough to make you want to chuck your phone in the ocean.
Published on: November 04, 2024 | Source:Booking.com Phishers May Leave You With Reservations
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world's most visited travel website.
Published on: November 01, 2024 | Source:Friday Squid Blogging: Squid Sculpture in Massachusetts Building
Great blow-up sculpture. Blog moderation policy. The post Friday Squid Blogging: Squid Sculpture in Massachusetts Building appeared first on Schneier on Security.
Published on: November 01, 2024 | Source:Month in security with Tony Anscombe β October 2024 edition
Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more β October saw no shortage of impactful cybersecurity news stories
Published on: October 31, 2024 | Source:Change Healthcare Breach Hits 100M Americans
Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information.
Published on: October 30, 2024 | Source:How to remove your personal information from Google Search results
Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results.
Published on: October 30, 2024 | Source:Don't become a statistic: Tips to help keep your personal data off the dark web
You may not always stop your personal information from ending up in the internetβs dark recesses, but you can take steps to protect yourself from criminals looking to exploit it
Published on: October 29, 2024 | Source:Tony Fadell: Innovating to save our planet | Starmus highlights
As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts
Published on: October 28, 2024 | Source:CloudScout: Evasive Panda scouting cloud services
ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services
Published on: October 28, 2024 | Source:ESET Research Podcast: CosmicBeetle
Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world
Published on: October 24, 2024 | Source:The Global Surveillance Free-for-All in Mobile Ad Data
Not long ago, the ability to remotely track someoneβs daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that...
Published on: October 23, 2024 | Source:Embargo ransomware: RockβnβRust
Novice ransomware group Embargo is testing and deploying a new Rust-based toolkit
Published on: October 23, 2024 | Source:Google Voice scams: What are they and how do I avoid them?
Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers
Published on: October 21, 2024 | Source:Brazil Arrests βUSDoD,β Hacker in FBI Infragard Breach
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a...
Published on: October 18, 2024 | Source:Threat actors exploiting zero-days faster than ever β Week in security with Tony Anscombe
The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year
Published on: October 18, 2024 | Source:Sudanese Brothers Arrested in βAnonSudanβ Takedown
The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. One of the brothers is facing life in prison for allegedly seeking to kill people...
Published on: October 17, 2024 | Source:Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)
βHey, wanna chat?β This innocent phrase can take on a sinister meaning when it comes from an adult to a child online β and even be the start of a predatory relationship
Published on: October 16, 2024 | Source:Quishing attacks are targeting electric car owners: Hereβs how to slam on the brakes
Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal driversβ payment details
Published on: October 15, 2024 | Source:Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships
The world needs more cybersecurity professionals β here are three great ways to give you an βinβ to the ever-growing and rewarding security industry
Published on: October 14, 2024 | Source:GoldenJackal jumps the air gap β¦ twice β Week in security with Tony Anscombe
ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities
Published on: October 11, 2024 | Source:Telekopye transitions to targeting tourists via hotel booking scam
ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms
Published on: October 10, 2024 | Source:Lamborghini Carjackers Lured by $243M Cyberheist
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later, while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.
Published on: October 09, 2024 | Source:Patch Tuesday, October 2024 Edition
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 "Sequoia" update that broke many cybersecurity tools.
Published on: October 08, 2024 | Source:Cyber insurance, human risk, and the potential for cyber-ratings
Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess peopleβs financial responsibility?
Published on: October 08, 2024 | Source:Mind the (air) gap: GoldenJackal gooses government guardrails
ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal
Published on: October 07, 2024 | Source:The complexities of attack attribution β Week in security with Tony Anscombe
Attributing a cyberattack to a specific threat actor is a complex affair, as evidenced by new ESET research published this week
Published on: October 04, 2024 | Source:Separating the bee from the panda: CeranaKeeper making a beeline for Thailand
ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia
Published on: October 02, 2024 | Source: