FreshRSS

πŸ”’
β–³ πŸ”ƒ
☐ β˜† βœ‡ WIRED

Apple Chip Flaw Leaks Secret Encryption Keys

By Andrew Couts β€” March 23rd 2024 at 10:00
Plus: The Biden administration warns of nationwide attacks on US water systems, a new Russian wiper malware emerges, and China-linked hackers wage a global attack spree.
☐ β˜† βœ‡ WIRED

Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds

By Andy Greenberg β€” March 21st 2024 at 14:00
The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.
☐ β˜† βœ‡ Security – Cisco Blog

Cisco and Nvidia: Redefining Workload Security

By Jana Radhakrishnan β€” March 20th 2024 at 12:00

There has been an exponential increase in breaches within enterprises despite the carefully constructed and controlled perimeters that exist around applications and data. Once an attacker can access… Read more on Cisco Blogs

☐ β˜† βœ‡ WIRED

Automakers Are Telling Your Insurance Company How You Really Drive

By Dell Cameron, Andrew Couts β€” March 16th 2024 at 13:00
Plus: The operator of a dark-web cryptocurrency β€œmixing” service is found guilty, and a US senator reveals that popular safes contain secret backdoors.
☐ β˜† βœ‡ WIRED

Russian Hackers Stole Microsoft Source Codeβ€”and the Attack Isn’t Over

By Dhruv Mehrotra, Andrew Couts β€” March 9th 2024 at 14:00
Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data.
☐ β˜† βœ‡ WIRED

Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say

By Dell Cameron β€” March 6th 2024 at 15:38
A coalition of 41 state attorneys general says Meta is failing to assist Facebook and Instagram users whose accounts have been hackedβ€”and they want the company to take β€œimmediate action.”
☐ β˜† βœ‡ Security – Cisco Blog

Mitigating Lateral Movement with Zero Trust Access

By Andrew Akers β€” March 5th 2024 at 13:00

Security service edge (SSE) technology was created to protect remote and branch users with a unified, cloud-delivered security stack. To understand how SSE solutions protect organizations and their… Read more on Cisco Blogs

πŸ’Ύ

☐ β˜† βœ‡ WIRED

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

By Andy Greenberg β€” March 4th 2024 at 17:41
The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.
☐ β˜† βœ‡ WIRED

The Privacy Danger Lurking in Push Notifications

By Andy Greenberg, Andrew Couts, Matt Burgess β€” March 2nd 2024 at 14:00
Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly insecure.
☐ β˜† βœ‡ WIRED

Here Come the AI Worms

By Matt Burgess β€” March 1st 2024 at 09:00
Security researchers created an AI worm in a test environment that can automatically spread between generative AI agentsβ€”potentially stealing data and sending spam emails along the way.
☐ β˜† βœ‡ WIRED

The Mysterious Case of the Missing Trump Trial Ransomware Leak

By Andy Greenberg β€” February 29th 2024 at 18:24
The notorious LockBit gang promised a Georgia court leak "that could affect the upcoming US election.” It didn't materializeβ€”but the story may not be over yet.
☐ β˜† βœ‡ WIRED

Here Are the Google and Microsoft Security Updates You Need Right Now

By Kate O'Flaherty β€” February 29th 2024 at 16:30
Plus: Mozilla patches 12 flaws in Firefox, Zoom fixes seven vulnerabilities, and more critical updates from February.
☐ β˜† βœ‡ WIRED

Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust

By Andy Greenberg β€” February 27th 2024 at 22:35
Two months ago, the FBI β€œdisrupted” the BlackCat ransomware group. They're already backβ€”and their latest attack is causing delays at pharmacies across the US.
☐ β˜† βœ‡ WIRED

How a Right-Wing Controversy Could Sabotage US Election Security

By Eric Geller β€” February 26th 2024 at 13:00
Republicans who run elections are split over whether to keep working with the Cybersecurity and Infrastructure Security Agency to fight hackers, online falsehoods, and polling-place threats.
☐ β˜† βœ‡ Security – Cisco Blog

Network Resilience: Accelerating Efforts to Protect Critical Infrastructure

By Matt Fussa β€” February 21st 2024 at 16:48

As head of the Cisco Trust Office, Matt Fussa leads a global team that partners with government agencies, regulators, and customers to help shape cybersecurity regulation and manage cyber risk. He is… Read more on Cisco Blogs

πŸ’Ύ

☐ β˜† βœ‡ Security – Cisco Blog

NIS2 compliance for industrial networks: Are you ready?

By Fabien Maisl β€” February 16th 2024 at 17:47

Since the European Union (EU) signed the second version of the Network and Information Security (NIS2) Directive in December 2022, there has been a real frenzy all around Europe about it. NIS2 is now… Read more on Cisco Blogs

NIS2 compliance for industrial networks: Are you ready?

πŸ’Ύ

☐ β˜† βœ‡ WIRED

A Mysterious Leak Exposed Chinese Hacking Secrets

By Matt Burgess β€” February 24th 2024 at 14:00
Plus: Scammers try to dupe Apple with 5,000 fake iPhones, Avast gets fined for selling browsing data, and researchers figure out how to clone fingerprints from your phone screen.
☐ β˜† βœ‡ WIRED

Apple iOS 17.4: iMessage Gets Post-Quantum Encryption in New Update

By Matt Burgess β€” February 21st 2024 at 14:00
Useful quantum computers aren’t a realityβ€”yet. But in one of the biggest deployments of post-quantum encryption so far, Apple is bringing the technology to iMessage.
☐ β˜† βœ‡ WIRED

Anne Neuberger, a Top White House Cyber Official, Sees the 'Promise and Peril' in AI

By Garrett M. Graff β€” February 21st 2024 at 12:00
Anne Neuberger, the Biden administration’s deputy national security adviser for cyber, tells WIRED about emerging cybersecurity threatsβ€”and what the US plans to do about them.
☐ β˜† βœ‡ The Hacker News

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

By Newsroom β€” February 21st 2024 at 05:34
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying
☐ β˜† βœ‡ The Hacker News

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

By Newsroom β€” February 20th 2024 at 12:55
The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it
☐ β˜† βœ‡ The Hacker News

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

By Newsroom β€” February 20th 2024 at 12:30
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttper, were each downloaded 537 and 166 times, respectively,
☐ β˜† βœ‡ The Hacker News

New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide

By Newsroom β€” February 20th 2024 at 10:53
North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint advisory published by Germany's Federal Office for the Protection of the Constitution (BfV) and South Korea's National Intelligence Service (NIS), the agencies said the goal of the attacks is to plunder advanced defense technologies in a "
☐ β˜† βœ‡ The Hacker News

SaaS Compliance through the NIST Cybersecurity Framework

By The Hacker News β€” February 20th 2024 at 10:53
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a
☐ β˜† βœ‡ The Hacker News

Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

By The Hacker News β€” February 20th 2024 at 10:53
In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful ransomware assaults in recent memory.  When organizations have no response plan in place for such an
☐ β˜† βœ‡ The Hacker News

Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative

By Newsroom β€” February 20th 2024 at 06:01
Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns designed to steal intelligence, and information operations to turn public opinion against Israel. Iran
☐ β˜† βœ‡ The Hacker News

LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

By Newsroom β€” February 20th 2024 at 05:25
Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details.An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns. While the full extent of the effort, codenamed 
☐ β˜† βœ‡ The Hacker News

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

By Newsroom β€” February 19th 2024 at 13:14
Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. "Their various malware included
☐ β˜† βœ‡ The Hacker News

How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

By The Hacker News β€” February 19th 2024 at 11:30
Did you know that Network Detection and Response (NDR) has become the most effective technology to detect cyber threats? In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false alerts and efficient threat response. Are you aware of Network Detection and Response (NDR) and how it’s become the most effective technology to detect cyber threats?  NDR massively
☐ β˜† βœ‡ The Hacker News

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries

By Newsroom β€” February 19th 2024 at 10:29
The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play's enhanced detection and protection mechanisms," ThreatFabric said in a report shared with The Hacker News.
❌