Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXOrgs Scramble to Fix Actively Exploited Bug in Apache Struts 2
A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Bridging the 'Keyboard-to-Chair' Gap With Identity Verification
Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability.
Vendors Chase Potential of Non-Human Identity Management
Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes β before attackers can intercept.
Web Hacking Service βAraneidaβ Tied to Turkish IT Firm
Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.
Chinese cyber center points finger at U.S. over alleged cyberattacks to steal trade secrets
The CNCERT said it had βhandledβ two attacks on Chinese tech companies, which it attributed to an unnamed suspected U.S. intelligence agency. The post Chinese cyber center points finger at U.S. over alleged cyberattacks to steal trade secrets appeared first on CyberScoop.
Malvertisers Fool Google With AI-Generated Decoy Content
Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google's malvertising filters, showing up high in search results to lure users to second-stage phishing sites.
CISA Releases Draft of National Cyber Incident Response Plan
The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident.
Mailbox Insecurity
It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox. I get that a single master key makes the whole system easier, but itβs very fragile security.
Ukrainian sentenced to five years in jail for work on Raccoon Stealer
Ukrainian national Mark Sokolovsky was sentenced Wednesday to five years in federal prison for his role in operating Raccoon Infostealer malware, which infiltrated millions of computers worldwide to steal personal data. According to court documents, Sokolovsky, 28, was integral to operations that allowed the leasing of Raccoon Infostealer for $200 per month, payable via cryptocurrency. [β¦] The post Ukrainian sentenced...
Supply Chain Risk Mitigation Must Be a Priority in 2025
A balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation is key to managing and mitigating risk.
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. "While typosquatting attacks are
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords
Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. "These systems have been infected with the Mirai
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. It was originally fixed by Fortinet back on August 18, 2023, but without a CVE designation. The list of supported FortiOS
Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (ep. 9)
ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud
Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (special edition)
ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. "Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls,
Dutch DPA Fines Netflix β¬4.75 Million for GDPR Violations Over Data Transparency
The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix 4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020. An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its privacy statement about what it does with the data
UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the
India Sees Surge in API Attacks, Especially in Banking, Utilities
The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.
Interpol: Can We Drop the Term 'Pig Butchering'?
The agency asks the cybersecurity community to adopt "romance baiting" in place of dehumanizing language.
Recorded Future: Russia's 'Undesirable' Designation Is a Compliment
The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin's regime.
Russia bans cybersecurity company Recorded Future
The designation won cheers from the CEO of the firm, believed to be the first information security company to garner the label. The post Russia bans cybersecurity company Recorded Future appeared first on CyberScoop.
CISA pushes guide for high-value targets to secure mobile devices
The guide comes as the government continues to deal with the fallout of the Salt Typhoon hack. The post CISA pushes guide for high-value targets to secure mobile devices appeared first on CyberScoop.
Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign
Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud.
Manufacturers Lose Azure Creds to HubSpot Phishing Attack
Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe.
Wallarm Releases API Honeypot Report Highlighting API Attack Trends
New Advances in the Understanding of Prime Numbers
Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters.
The Importance of Empowering CFOs Against Cyber Threats
Working closely with CISOs, chief financial officers can become key players in protecting their organizations' critical assets and ensuring long-term financial stability.
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets
The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity.
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical,
HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft
Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical,
Wald.ai Launches Data Loss Protection for AI Platforms
The cybersecurity startup's data loss protection platform uses contextual redaction to help organizations safely use private business information across AI platforms.
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS
How to Lose a Fortune with Just One Bad Click
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click "yes" to a Google prompt on his mobile device.
Not Your Old ActiveState: Introducing our End-to-End OS Platform
Having been at ActiveState for nearly eight years, Iβve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open source for over a decade. In the early days, open source was in its infancy. We focused mainly on the