FreshRSS

🔒
❌ About FreshRSS
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdaySecurity

School Employee Allegedly Framed a Principal With Racist Deepfake Rant

By Matt Burgess
Plus: Google holds off on killing cookies, Samourai Wallet founders get arrested, and GM stops driver surveillance program.

Russia Vetoed a UN Resolution to Ban Space Nukes

By Stephen Clark, Ars Technica
A ban on weapons of mass destruction in orbit has stood since 1967. Russia apparently has other ideas.

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details
  • April 26th 2024 at 13:28
  • ↗

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

By Newsroom
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with
  • April 27th 2024 at 12:47
  • ↗

Gripped by Python: 5 reasons why Python is popular among cybersecurity professionals

Python’s versatility and short learning curve are just two factors that explain the language’s 'grip' on cybersecurity
  • April 25th 2024 at 09:30
  • ↗

Bogus npm Packages Used to Trick Software Developers into Installing Malware

By Newsroom
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked
  • April 27th 2024 at 05:12
  • ↗

Kaiser Permanente handed over 13.4M people's data to Microsoft, Google, others

Ouch!

Millions of Kaiser Permanente patients' data was likely handed over to Google, Microsoft Bing, X/Twitter, and other third-parties, according to the American healthcare giant.…

  • April 26th 2024 at 18:14
  • ↗

Second time lucky for Thoma Bravo, which scoops up Darktrace for $5.3B

Analysts brand deal a 'nail in the coffin' for UK tech investment

Private equity investor Thoma Bravo has successfully completed a second acquisition attempt of UK-based cybersecurity company Darktrace in a $5.3 billion deal.…

  • April 26th 2024 at 16:00
  • ↗

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

By Newsroom
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules,
  • April 26th 2024 at 14:03
  • ↗

UK's Investigatory Powers Bill to become law despite tech world opposition

Only minor changes from original proposals that kicked up privacy storm

The UK's contentious Investigatory Powers (Amendment) Bill (IPB) 2024 has officially received the King's nod of approval and will become law.…

  • April 26th 2024 at 12:00
  • ↗

Four trends to top the CISO’s packed agenda

Check out the SANS CISO Primer for tips on hardening your organisation’s security posture in 2024

Sponsored Post Ever get nostalgic for the good old days of cybersecurity protection? When attacks were for the most part amateurish and infrequent, and perhaps more in the nature of an occasional nuisance rather than a daily existential threat?…

  • April 26th 2024 at 07:34
  • ↗

Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim

Huawei is OK, but Xiaomi, OPPO, and Samsung are in strife. And Honor isn't living its name

Many Chinese keyboard apps, some from major handset manufacturers, can leak keystrokes to determined snoopers, leaving perhaps three quarters of a billion people at risk according to research from the University of Toronto’s Citizen Lab.…

  • April 26th 2024 at 05:33
  • ↗

Cops cuff man for allegedly framing colleague with AI-generated hate speech clip

Athletics boss accused of deep-faking Baltimore school principal

Baltimore police have arrested Dazhon Leslie Darien, the former athletic director of Pikesville High School (PHS), for allegedly impersonating the school's principal using AI software to make it seem as if he made racist and antisemitic remarks.…

  • April 25th 2024 at 21:43
  • ↗

Ring dinged for $5.6M after, among other claims, rogue insider spied on 'pretty girls'

Cash to go out as refunds to punters

The FTC today announced it would be sending refunds totaling $5.6 million to Ring customers, paid from the Amazon subsidiary's coffers.…

  • April 25th 2024 at 21:03
  • ↗

Two cuffed in Samourai Wallet crypto dirty money sting

Suspects in Portugal and the US said to have laundered over $100M

Two men alleged to be co-founders of cryptocurrency biz Samourai Wallet face serious charges and potentially decades in US prison over claims they owned a product that facilitated the laundering of over $100 million in criminal cash.…

  • April 25th 2024 at 17:15
  • ↗

10 Critical Endpoint Security Tips You Should Know

By The Hacker News
In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT
  • April 26th 2024 at 10:46
  • ↗

New 'Brokewell' Android Malware Spread Through Fake Browser Updates

By Newsroom
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development,
  • April 26th 2024 at 10:42
  • ↗

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

By Newsroom
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in
  • April 26th 2024 at 10:18
  • ↗

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

By Newsroom
Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.92.0. The issue has been resolved in version 3.92.1 released on February 27, 2024,
  • April 26th 2024 at 05:49
  • ↗

North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

By Newsroom
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT as part of attacks targeting specific individuals in the Asia region in summer 2023. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL
  • April 25th 2024 at 16:47
  • ↗

Russia, Iran pose most aggressive threat to 2024 elections, say infoseccers

Google security crew reveal ‘the four Ds’ to be on the watch for

It may come as a surprise to absolutely nobody that experts say, in revealing the most prevalent and likely tactics to meddle with elections this year, that state-sponsored cybercriminals pose the biggest threat.…

  • April 25th 2024 at 13:34
  • ↗

Network Threats: A Step-by-Step Attack Demonstration

By The Hacker News
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit
  • April 25th 2024 at 11:13
  • ↗

What to do in the age of the critical breach

Why the triple threat of ransomware, data breaches, and extortion is a cybersecurity crisis

Webinar The UK government could be forgiven for wanting to forget March 2024 ever happened.…

  • April 25th 2024 at 09:16
  • ↗

Indian bank’s IT is so shabby it’s been banned from opening new accounts

After two years of warnings, and outages, regulators ran out of patience with Kotak Mahindra Bank

India’s central bank has banned Kotak Mahindra Bank from signing up new customers for accounts or credit cards through its online presence and app.…

  • April 25th 2024 at 06:29
  • ↗

Australia’s spies and cops want ‘accountable encryption’ - aka access to backdoors

And warn that AI is already being used by extremists to plot attacks

The director general of Australia’s lead intelligence agency and the commissioner of its Federal Police yesterday both called for social networks to offer more assistance to help their investigators work on cases involving terrorism, child exploitation, and racist nationalism.…

  • April 25th 2024 at 00:29
  • ↗

Governments issue alerts after 'sophisticated' state-backed actor found exploiting flaws in Cisco security boxes

Don't get too comfortable: 'Line Dancer' malware may be targeting other vendors, too

A previously unknown and "sophisticated" nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments.…

  • April 24th 2024 at 23:11
  • ↗

'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks

By Andy Greenberg
Sources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.

5 Best VPN Services (2024): For Routers, PC, iPhone, Android, and More

By Scott Gilbertson
It won’t solve all of your privacy problems, but a virtual private network can make you a less tempting target for hackers.

What makes Starmus unique? Q&A with award-winning filmmaker Todd Miller

The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges, as well as why he became involved with Starmus
  • April 24th 2024 at 09:02
  • ↗

How technology drives progress: Q&A with Nobel laureate Michel Mayor

We spoke to Michel Mayor about the importance of public engagement with science and how to foster responsibility among the youth for the preservation of our changing planet
  • April 23rd 2024 at 13:33
  • ↗

The vision behind Starmus: Q&A with the festival’s co-founder Garik Israelian

Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and a sense of community within the Starmus universe
  • April 23rd 2024 at 09:36
  • ↗

DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions

By Newsroom
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that end, Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged
  • April 25th 2024 at 10:21
  • ↗

Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

By Newsroom
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year. As part of the
  • April 25th 2024 at 06:37
  • ↗

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

By Newsroom
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft). "UAT4356
  • April 25th 2024 at 05:50
  • ↗

Shouldn't Teams, Zoom, Slack all interoperate securely for the Feds? Wyden is asking

Doctorow: 'The most amazing part is that this isn't already the way it's done'

Collaboration software used by federal government agencies — this includes apps from Microsoft, Zoom, Slack, and Google — will be required to work together and be securely end-to-end encrypted, if legislation proposed by US Senator Ron Wyden (D-OR) passes.…

  • April 24th 2024 at 19:43
  • ↗

Microsoft cannot keep its own security in order, so what hope for its add-ons customers?

Secure-by-default... if your pockets are deep enough

Microsoft has come under fire for charging for security add-ons despite the company's own patchy record when it comes to vulnerabilities and breaches.…

  • April 24th 2024 at 17:15
  • ↗

Management company settles for $18.4M after nuclear weapons plant staff fudged their timesheets

The firm 'fessed up to staff misconduct and avoided criminal liability

A company contracted to manage an Amarillo, Texas nuclear weapons facility has to pay US government $18.4 million in a settlement over allegations that its atomic technicians fudged their timesheets to collect more money from Uncle Sam.…

  • April 24th 2024 at 15:00
  • ↗
❌