Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. “These credentials...
Month: September 2021
DARKreading – FragAttacks Foil 2 Decades of Wireless Security
Wireless security protocols have improved, but product vendors continue to make implementation errors that allow a variety of attacks. The evolution of wireless security could at...
thehackernews – Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting...
thehackernews – Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group
Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade...
nakedsecurity – Poisoned proxy PACs! The NPM package with a network-wide security hole…
Not long ago, independent software developer Tim Perry, creator of the HTTP Toolkit for intercepting and debugging web traffic… …decided to add proxy support to his product, which,...
threatpost – Ragnar Locker Gang Warns Victims Not to Call the FBI
Investigators/the FBI/ransomware negotiators just screw everything up, the ransomware gang said, threatening to publish files if victims look for help. All that the FBI/ransomware negotiators/investigators do...
thehackernews – New 0-Day Attack Targeting Windows Users With Microsoft Office Documents
Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that’s being used to hijack vulnerable Windows systems by leveraging weaponized Office documents....
thehackernews – Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released
Networking, storage and security solutions provider Netgear on Friday issued patches to address three security vulnerabilities affecting its smart switches that could be abused by an adversary to...
thehackernews – Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash
Apple is temporarily hitting the pause button on its controversial plans to screen users’ devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that...
thehackernews – What is AS-REP Roasting attack, really?
Microsoft’s Active Directory is said to be used by 95% of Fortune 500. As a result, it is a prime target for attackers as they look to gain...
thehackernews – ProtonMail Shares Activist’s IP Address With Authorities Despite Its “No Log” Claims
End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading...
CSOonline – China’s PIPL privacy law imposes new data handling requirements
The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information. As part of...
CSOonline – Critical flaw in Atlassian Confluence actively exploited
The remote code execution vulnerability was recently patched for affected versions of Atlassian Confluence Server and Data Center; users are advised to apply the patch or...
CSOonline – The T-Mobile data breach: A timeline
Telecommunications giant T-Mobile warns data belonging to some 50 million individuals has been exposed. Here is a timeline of the data breach and its ramifications. Telecommunications...
welivesecurity – A parent’s guide to smartphone security
Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks, we’ve prepared some handy tips on how to...
DARKreading – DDoS Attacks Hitting Victims in High-Bandwidth ‘Bursts’
The volume of traffic harnessed by attackers has grown steadily over the years, with distributed denial-of-service attacks regularly topping hundreds of gigabytes per second. Imperva, “Global...
thehackernews – FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor
A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against...
DARKreading – CISA Launches JCDC, the Joint Cyber Defense Collaborative
“We can’t do this alone,” the new CISA director told attendees in a keynote at Black Hat USA today. BLACK HAT USA 2021 – Las Vegas – Jen Easterly, the...
welivesecurity – Twitter introduces new feature to automatically block abusive behavior
Dubbed Safety Mode, the feature will temporarily block authors of offensive tweets from being able to contact or follow users. Twitter has unveiled a new feature...
nakedsecurity – Big bad decryption bug in OpenSSL – but no cause for alarm
The well-known and widely-used encryption library OpenSSL released a security patch earlier this week. Annoyingly for those who like lean, modern, sans serif typefaces, the new version is OpenSSL...
nakedsecurity – Skimming the CREAM – recursive withdrawals loot $13M in cryptocash
You must have had that happy feeling (happiest of all when it’s still a day or two to payday and you know that your balance is...
blogs.cisco – What you see is what you get … to protect
In my first nearly 90 days since joining Cisco, I’ve spoken with customers from around the world. And one thing that I continue to hear? The shift to a more distributed workforce is...
C-Level Executives Should Stay Away From These 6 Cybersecurity Myths
The C-suite in any organisation is entrusted with the responsibility of spearheading innovation, progress, and company direction. Additionally, C-level executives hold a greater responsibility in maintaining...
BBC News – WhatsApp issued second-largest GDPR fine of €225m
WhatsApp has been fined €225m (£193m) by Ireland’s data watchdog for breaching privacy regulations. It is the largest fine ever from the Irish Data Protection Commission,...
thehackernews – Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks
The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the...
thehackernews – CISA Adds Single-Factor Authentication to the List of Bad Practices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the short list of “exceptionally risky” cybersecurity practices that could expose critical infrastructure as...