FreshRSS

πŸ”’
❌ About FreshRSS
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdaySecurity

Kremlin claims Ukraine hackers behind fake missile strike alerts

Ten cities panic after emergency systems start Putin out warnings of an impending attack

Millions of Russians in almost a dozen cities throughout the country were greeted Wednesday morning by radio alerts, text messages, and sirens warning of an air raid or missile strikes that never occurred. The warnings were later blamed on hackers.…

  • February 23rd 2023 at 06:30
  • β†—

Datacenters in China, Singapore cracked by crims who then targeted tenants

Infiltrators tried to create fake remote hands tasks, alter visitor lists

Criminals have targeted datacenter operators in Singapore and China, tapping into their CCTV cameras, accessing their tenant lists and then attacking those customers.…

  • February 23rd 2023 at 05:45
  • β†—

Lawyers join forces to fight common enemy: The SEC and its probes into cyber-victims

Did the financial watchdog just do the impossible and herd cats?

More than 80 law firms say they are "deeply troubled" by the US Securities and Exchange Commission's demand that Covington & Burling hand over names of its clients whose information was stolen by Chinese state-sponsored hackers.…

  • February 23rd 2023 at 02:00
  • β†—

NPM JavaScript packages abused to create scambait links in bulk

By Paul Ducklin
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!

Open source software has its perks, but supply chain risks can't be ignored

While app development is faster and easier, security is still a concern

Analysis Open source components play an increasingly central role in the software development scene, proving to be a boon in a time of continuous integration and deployment, DevOps, and daily software updates.…

  • February 22nd 2023 at 12:46
  • β†—

Global threats fuel cyber defence training

SANS Institute ramps up delivery of new security training courses to help keep info sec pros ahead of cyber criminals

Sponsored Post The global impact of cyber threats on businesses, governments, organisations and individuals around the world is ramping up exponentially, with experts warning that danger is set to dramatically worsen in coming months and years.…

  • February 22nd 2023 at 09:13
  • β†—

Gcore Thwarts Massive 650 Gbps DDoS Attack on Free Plan Client

By The Hacker News
At the beginning of January, Gcore faced an incident involving several L3/L4 DDoS attacks with a peak volume of 650 Gbps. Attackers exploited over 2000 servers belonging to one of the top three cloud providers worldwide and targeted a client who was using a free CDN plan. However, due to Gcore’s distribution of infrastructure and a large number of peering partners, the attacks were mitigated,

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

By Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on TuesdayΒ addedΒ three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986Β (CVSS score: 9.8) - IBM Aspera Faspex Code Execution Vulnerability CVE-2022-41223Β (CVSS score: 6.8) - Mitel MiVoice Connect Code Injection

VMware Patches Critical Vulnerability in Carbon Black App Control Product

By Ravie Lakshmanan
VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product. Tracked asΒ CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari

How to Stop Attackers That Target Healthcare Imaging Data

By Kolawole Samuel Adebayo, Contributing Writer
Attribute-based encryption could help keep sensitive metadata off of the Dark Web.

  • February 22nd 2023 at 03:30
  • β†—

Scrut Automation Raises Funding of $7.5M, Led by MassMutual Ventures, Lightspeed, and Endiya Partners

With the fresh capital, Scrut aims to focus on simplifying risk management and infosec compliance for cloud-native SaaS, Fintech, and Healthtech companies
  • February 22nd 2023 at 00:07
  • β†—

Malwarebytes Expands Platform With New Application Block Capabilities

Latest threat prevention module helps resource-strapped security teams block unsafe, untrusted or vulnerable applications.
  • February 21st 2023 at 23:20
  • β†—

Analysts Slam Twitter's Decision to Disable SMS-Based 2FA

By Jai Vijayan, Contributing Writer, Dark Reading
Making the option available only to paid subscribers β€” while also claiming SMS authentication is broken β€” doesn't make sense, some say. Is it a cash grab?

  • February 21st 2023 at 23:00
  • β†—

Name That Toon: Join the Club

By John Klossner, Cartoonist
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

  • February 21st 2023 at 18:45
  • β†—

Cyberthreats, Regulations Mount for Financial Industry

By Robert Lemos, Contributing Writer, Dark Reading
Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture.

  • February 21st 2023 at 18:45
  • β†—

Coinbase Crypto Exchange Ensnared in 'Oktapus'-Related Smishing Attack

By Elizabeth Montalbano, Contributor, Dark Reading
Some employees' personal data was leaked, but the company responded swiftly to a socially engineered incident that gained access to legitimate employee login credentials.

  • February 21st 2023 at 18:40
  • β†—

Third-Party Providers Create Identity and Access Control Challenges for Fintech Apps

By Shira Shamban, CEO and Co-founder, Solvo
Fintech has drastically shifted the financial services industry toward digital technologies and, in so doing, has introduced a variety of new risks.

  • February 21st 2023 at 18:35
  • β†—

Israel's Top Tech University Targeted by DarkBit Ransomware

By Nathan Eddy, Contributing Writer, Dark Reading
An Israeli university is being blackmailed by hackers. However, they aren't just after money but are looking to send a political message β€” and maybe something more.

  • February 21st 2023 at 18:08
  • β†—

Coinbase breached by social engineers, employee data stolen

By Paul Ducklin
Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa...

Insider Threats Don't Mean Insiders Are Threatening

By Szilveszter Szebeni, Co-Founder & CISO, Tresorit
By implementing tools that enable internal users to do their jobs efficiently and securely, companies reduce insider threat risk by building insider trust.

  • February 21st 2023 at 15:00
  • β†—

MyloBot Botnet Spreading Rapidly Worldwide: Infecting Over 50,000 Devices Daily

By Ravie Lakshmanan
A sophisticated botnet known as MyloBot has compromised thousands of systems, with most of them located in India, the U.S., Indonesia, and Iran. That's according to new findings from BitSight, whichΒ saidΒ it's "currently seeing more than 50,000 unique infected systems every day," down from a high of 250,000 unique hosts in 2020. Furthermore, an analysis of MyloBot's infrastructure has found

A New Kind of Bug Spells Trouble for iOS and macOS Security

By Matt Burgess
Security researchers found a class of flaws that, if exploited, would allow an attacker to access people’s messages, photos, and call history.

The Future of Network Security: Predictive Analytics and ML-Driven Solutions

By The Hacker News
As the digital age evolves and continues to shape the business landscape, corporate networks have become increasingly complex and distributed. The amount of data a company collects to detect malicious behaviour constantly increases, making it challenging to detect deceptive and unknown attack patterns and the so-called "needle in the haystack". With a growing number of cybersecurity threats,

Accidental WhatsApp account takeovers? It's a thing

Blame it on phone number recycling (yes, that's a thing, too)

A stranger may be receiving your private WhatsApp messages, and also be able to send messages to all of your contacts – if you have changed your phone number and didn't delete the WhatsApp account linked to it.…

  • February 21st 2023 at 11:00
  • β†—

Researchers Discover Numerous Samples of Information Stealer 'Stealc' in the Wild

By Ravie Lakshmanan
A new information stealer calledΒ StealcΒ that's being advertised on the dark web could emerge as a worthy competitor to other malware of its ilk. "The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied onΒ Vidar,Β Raccoon,Β Mars, andΒ RedLineΒ stealers," SEKOIAΒ saidΒ in a Monday report. The French cybersecurity company said itΒ discoveredΒ more thanΒ 40

Coinbase Employee Falls for SMS Scam in Cyber Attack, Limited Data Exposed

By Ravie Lakshmanan
Popular cryptocurrency exchange platform Coinbase disclosed that it experienced a cybersecurity attack that targeted its employees. The companyΒ saidΒ its "cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information." The incident, which took place on February 5, 2023, resulted in the exposure of a "limited amount of

Locking down the remote printer

No longer a blind spot, printer security is now a grown up conversation says Brother

Sponsored Feature As businesses journey deeper into an era of restless digital change, it's surprising how inventions from past decades still define the office environment.…

  • February 21st 2023 at 07:21
  • β†—

Researchers Warn of ReverseRAT Backdoor Targeting Indian Government Agencies

By Ravie Lakshmanan
A spear-phishing campaign targeting Indian government entities aims to deploy an updated version of a backdoor called ReverseRAT. Cybersecurity firm ThreatMonΒ attributedΒ the activity to a threat actor tracked asΒ SideCopy. SideCopy is a threat group of Pakistani origin that shares overlaps with another actor calledΒ Transparent Tribe. It is so named for mimicking the infection chains associated

DNA testing biz vows to improve infosec after criminals break into database it forgot it had

Settles lawsuit with two states after wider leak that affected millions

A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on over two million people from a nine-year-old "legacy" database the company forgot it had.…

  • February 20th 2023 at 20:30
  • β†—

Twitter tells users: Pay up if you want to keep using insecure 2FA

By Paul Ducklin
Ironically, Twitter Blue users will be allowed to keep using the very 2FA process that's not considered secure enough for everyone else.

How to Protect Yourself From Twitter’s 2FA Crackdown

By Matt Burgess
Twitter is disabling SMS-based two-factor authentication. Switch to these alternatives to keep your account safe.

Modern Software: What's Really Inside?

By Britta Glade, Vice President, Content and Curation, RSA Conference
Open source has changed the software game from build or buy to assemble with care.

  • February 20th 2023 at 15:00
  • β†—

Despite Breach, LastPass Demonstrates the Power of Password Management

By Michael Bargury, CTO & Co-Founder, Zenity
What's scarier than keeping all of your passwords in one place and having that place raided by hackers? Maybe reusing insecure passwords.

  • February 20th 2023 at 14:01
  • β†—
❌