FreshRSS

🔒
❌ About FreshRSS
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdaySecurity

Top US Spies Meet With Privacy Experts Over Surveillance 'Crown Jewel'

By Dell Cameron
Civil rights groups say efforts to get US intelligence agencies to adopt privacy reforms have largely failed. Without those changes, renewal of a post-911 surveillance policy may be doomed.

Axon's Ethics Board Resigned Over Taser-Armed Drones. Then the Company Bought a Military Drone Maker

By Ese Olumhense
The CEO’s vision for Taser-equipped drones includes a fictitious scenario in which the technology averts a shooting at a day care center.

U.K. and U.S. Sanction 11 Russia-based TrickBot Cybercrime Gang Members

By THN
The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang. “Russia has long been a safe haven for cybercriminals, including the TrickBot group,” the U.S. Treasury Department said, adding it has “ties to Russian intelligence services and has targeted the U.S. Government and U.S. companies, including

Will you give X your biometric data? – Week in security with Tony Anscombe

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured
  • September 8th 2023 at 09:22
  • ↗

Apple races to patch the latest zero-day iPhone exploit

No user interaction needed for this one as Pegasus turns up via iMessage

Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild.…

  • September 8th 2023 at 11:36
  • ↗

Protecting Your Microsoft IIS Servers Against Malware Attacks

By The Hacker News
Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments.  Recently, a

Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform

By THN
Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition. The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0. It’s described as an authentication bypass flaw in the Cisco BroadWorks

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

By THN
Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines. The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge

Microsoft, recently busted by Beijing, thinks it's across China's ever-changing cyber-offensive

Sometimes using AI to make hilariously wrong images that still drive social media engagement

Microsoft, which earlier this week admitted not being able to detect a Chinese attack on its own infrastructure, has published a report [PDF] titled "Digital threats from East Asia increase in breadth and effectiveness." In the report, Redmond's Threat Intelligence group expounds on its fresh insight into evolving online aggressions from both China and North Korea.…

  • September 8th 2023 at 06:32
  • ↗

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

By THN
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

By THN
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064

Russian infosec boss gets nine years for $100M insider-trading caper using stolen data

Confidential figures for Tesla, Snap, Roku, Avnet, others swiped and used to rack up millions in ill-gotten gains

Vladislav Klyushin, the Russian owner of security penetration testing firm M-13, was jailed for nine years in the US on Thursday for his involvement in a cyber-crime operation that stole top corporations' confidential financial information to make $93 million through insider trading.…

  • September 8th 2023 at 00:57
  • ↗

US, UK sanction more Russians linked to Trickbot

Top admin, HR managers, devs go on transatlantic deny-list

The US and UK governments named and sanctioned 11 Russians said to be connected to the notorious Trickbot cybercrime crew this week.…

  • September 7th 2023 at 22:44
  • ↗

Domain Name Industry Brief Quarterly Report: DNIB.com announces 356.6 Million Domain Name Registrations in the Second Quarter of 2023

By Verisign

Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the second quarter of 2023 closed with 356.6 million domain name registrations across all top-level domains (TLDs), an increase of 1.7 million domain name registrations, or 0.5%, compared to the first quarter of 2023. Domain name registrations also increased by 4.3 million, or 1.2%, year over year.


Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the second quarter of 2023, including:

  • Top 10 largest TLDs by number of reported domain names
  • Top 10 largest ccTLDs by number of reported domain names
  • ngTLDs as percentage of total TLDs
  • Geographical ngTLDs as percentage of total corresponding geographical TLDs

With the launch of the DNIB.com dashboards, 16 additional TLDs have been included in applicable calculations. The applicable current and historical data presented in this edition of the quarterly report have been adjusted accordingly, and applicable quarterly and year-over-year trends have been calculated using those adjusted figures. More information is available at DNIB.com.

DNIB.com and the Domain Name Industry Brief Quarterly Report are sponsored by Verisign. To see past issues of the quarterly report, interactive dashboards, and learn about DNIB.com’s statistical methodology, please visit DNIB.com.

The post Domain Name Industry Brief Quarterly Report: DNIB.com announces 356.6 Million Domain Name Registrations in the Second Quarter of 2023 appeared first on Verisign Blog.

US and UK Mount Aggressive Crackdown on Trickbot and Conti Ransomware Gangs

By Lily Hay Newman
Authorities have sanctioned 11 alleged members of the cybercriminal groups, while the US Justice Department unsealed three federal indictments against nine people accused of being members.

Lawsuit claims Tesla corp data security is far less advanced than its cars

Sueball alleges company at fault after employee info leaked, including Musk's

An ex-Tesla staffer has filed a proposed class action lawsuit that blames poor access control at the carmaker for a data leak, weeks after Tesla itself sued the alleged leakers, two former employees.…

  • September 7th 2023 at 16:30
  • ↗

The International Criminal Court Will Now Prosecute Cyberwar Crimes

By Andy Greenberg
And the first case on the docket may well be Russia’s cyberattacks against civilian critical infrastructure in Ukraine.

Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware

By THN
A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author. An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering

If you like to play along with the illusion of privacy, smart devices are a dumb idea

You're just giving manufacturers carte blanche to profit off personal data

Updated Depressingly predictable research from Which? serves as another reminder, if one was needed, that furnishing your home with internet-connected "smart" devices could be a dumb idea if you'd rather try to preserve your privacy.…

  • September 7th 2023 at 12:11
  • ↗

Facebook Trains Its AI on Your Data. Opting Out May Be Futile

By Reece Rogers
Here's how to request that your personal information not be used to train Meta's AI model. "Request" is the operative word here.

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2024

By The Hacker News
By the end of 2024, the number of MSPs and MSSPs offering vCISO services is expected to grow by almost 5 fold, as can be seen in figure 1. This incredible surge reflects the growing business demand for specialized cybersecurity expertise and the lucrative opportunities for MSPs and MSSPs in vCISO services. Figure 1: Timeline for offering vCISO services The State of the Virtual CISO Survey Report

Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks

By THN
Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset’s metadata database. Outside of these

UK drops 'spy clause' for scanning encrypted chat, admits it's not 'feasible'

But don't celebrate yet ... it has simply kicked the online safety can down the road, Westminster style

Comment Sanity appears to have prevailed in the debate over the UK's Online Safety Bill after the government agreed to ditch proposals – at least for the time being – to legislate the scanning of end-to-end encrypted messages.…

  • September 7th 2023 at 10:09
  • ↗

Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks

By THN
A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service (DDoS) attacks. Doctor Web said the compromises are likely to occur either during malicious firmware updates or when applications for viewing pirated video content are installed. "It is likely that this

Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach

By THN
Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account. This enabled the adversary to access a debugging environment that contained information pertaining to a crash of the consumer signing system and steal the key. The system crash took place

China reportedly bans iPhones from more government offices

So what? Smartphones are routinely restricted in, or excluded from, sensitive locations

Analysis Chinese authorities have reportedly banned Apple's iPhones from some government offices.…

  • September 7th 2023 at 05:28
  • ↗

The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s Signing Key

By Lily Hay Newman
After leaving many questions unanswered, Microsoft explains in a new postmortem the series of slipups that allowed attackers to steal and abuse a valuable cryptographic key.

Microsoft: China stole secret key that unlocked US govt email from crash debug dump

Mistakes were made, lessons learned, stuff now fixed, says Windows maker

Remember that internal super-secret Microsoft security key that China stole and used to break into US government email accounts back in July? …

  • September 6th 2023 at 22:59
  • ↗

Guy who ran Bitcoins4Less tells Feds he had less than zero laundering protections

What? Yogurt Monster isn't really a legitimate customer's name?!

A California man has admitted he failed to bake anti-money laundering protections into his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service.…

  • September 6th 2023 at 20:42
  • ↗

Coffee Meets Bagel outage caused by cybercriminals deleting data and files

Did you potentially miss the love match of your life in week-long blackout? Nope, nobody could access it

If you got snubbed by the object of your affections on dating app Coffee Meets Bagel (CMB) in late August, don't feel bad, the company says its systems were down due to cyber baddies.…

  • September 6th 2023 at 16:01
  • ↗
❌